An information-stealing malware dubbed “VoidStealer” reportedly uses a new method to bypass Google Chrome’s Application-Bound Encryption (ABE) protections and extract the browser master key. With that key, attackers can potentially decrypt sensitive data stored by Chrome.

What’s notable

- Chrome’s ABE is intended to make it harder for malware to steal and decrypt browser-stored secrets.

- VoidStealer reportedly leverages a debugger-focused approach to defeat that protection, demonstrating that commodity malware continues to evolve around endpoint defenses.

Impact

If attackers obtain the master key and related data, it can lead to credential theft, session hijacking, and downstream compromise of email, SaaS, and developer platforms.

Defensive recommendations

- Reduce the blast radius: use a password manager (not browser-stored passwords) and enable MFA/passkeys where possible.

- Harden endpoints: keep OS and browsers updated, deploy EDR/antimalware, and restrict local admin privileges.

- Monitor for infostealer indicators: unusual browser data access, suspicious child processes, and unexpected network beacons.

- For organizations: prioritize protecting developer workstations and high-privilege users; rotate credentials if infostealer infection is suspected.
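
The monitoring recommendation above, sketched as triage logic over endpoint telemetry. This is an added example, not code from the original report or from any vendor; the event schema (`type`, `image`, `target`, `host`), the `debug_attach` event name, and the allowlists are assumptions to adapt to your EDR's fields.

```python
import ntpath

# Assumed allowlists and event schema (hypothetical); adapt to your EDR's fields.
BROWSERS = {"chrome.exe"}
ALLOWED_DEBUGGERS = {"windbg.exe", "devenv.exe"}
# Chrome profile files holding the encrypted key and stored secrets.
SENSITIVE_FILES = {"local state", "login data", "cookies", "web data"}
PROFILE_DIR = "\\google\\chrome\\user data\\"


def _name(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path or "").lower()


def classify(event):
    """Return a finding string for one normalized event, or None."""
    actor, target = _name(event.get("image")), event.get("target", "")
    if event.get("type") == "file_access":
        secret = PROFILE_DIR in target.lower() and _name(target) in SENSITIVE_FILES
        if secret and actor not in BROWSERS:
            return f"non-browser access to Chrome secret store: {actor} -> {_name(target)}"
    elif event.get("type") == "debug_attach":
        if _name(target) in BROWSERS and actor not in ALLOWED_DEBUGGERS:
            return f"unexpected debugger on browser: {actor} -> {_name(target)}"
    return None


def triage(events):
    """Return (host, finding) pairs so responders know where to rotate credentials."""
    hits = ((ev.get("host", "?"), classify(ev)) for ev in events)
    return [(host, finding) for host, finding in hits if finding]


# Constructed sample telemetry, not taken from a real incident.
_UD = r"C:\Users\a\AppData\Local\Google\Chrome\User Data"
_CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
_UNKNOWN = r"C:\Users\a\AppData\Local\Temp\updater.exe"
SAMPLE_EVENTS = [
    {"host": "dev-01", "type": "file_access", "image": _CHROME, "target": _UD + r"\Local State"},
    {"host": "dev-02", "type": "file_access", "image": _UNKNOWN, "target": _UD + r"\Default\Login Data"},
    {"host": "dev-02", "type": "debug_attach", "image": _UNKNOWN, "target": _CHROME},
    {"host": "dev-03", "type": "debug_attach", "image": r"C:\Tools\windbg.exe", "target": _CHROME},
    {"host": "dev-03", "type": "file_access", "image": _UNKNOWN, "target": r"C:\Temp\notes.txt"},
]

if __name__ == "__main__":
    for host, finding in triage(SAMPLE_EVENTS):
        print(f"{host}: {finding}")
```

Two findings on the same host, as with `dev-02` in the sample, are a stronger signal than either alone and a reasonable trigger for credential rotation on that machine.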

Looking ahead

As browsers add stronger encryption and binding, attackers will increasingly target the surrounding environment (debugging, injection, token theft) rather than only the stored ciphertext.