Don't trust, verify (the code). Just 60 lines! No third-party code.
Works offline: open aes-256-gcm-file-encryption.html in a browser.
The encrypted file is indistinguishable from a random sequence of bytes without knowing the key (there are no identifiers).
This tool does not use a KDF (Key derivation function; which improves the strength of weak passwords) because it is designed to be used only with a strong password, or even better, a strong passphrase (e.g. 128 bits of entropy in 6 words at wiktionary-passphrase-generator.html).
Details: AES-256-GCM encryption algorithm (commonly used for HTTPS). Key is SHA-256(passphrase). Encrypted file is random 12-byte IV + ciphertext + 16-byte tag. Uses Web Cryptography API (no homemade crypto).
Maximum file size: ~64 GiB (NIST SP 800-38D sec. 5.2.1.1). File size must be less than available RAM (Web Cryptography API does not support streaming).