VoidStealer uses debugger trick to steal Chrome’s encryption key

March 23, 2026

A newly reported information stealer called VoidStealer can bypass Google Chrome’s Application-Bound Encryption (ABE) on Windows by using a debugger-based technique to extract the browser’s master key, according to BleepingComputer. With that key, the malware can decrypt sensitive browser data including cookies, saved credentials, and session tokens that ABE was designed to better protect.

The technique matters because Chrome rolled out ABE in 2024 to make stolen browser databases less useful outside the original app and device context. VoidStealer does not appear to break Chrome’s encryption directly. Instead, it targets the point where the key is available during normal browser operation, showing how infostealers are shifting from offline file theft to runtime abuse of live processes.

That shift has practical consequences for both consumers and enterprises. Stolen cookies and session tokens can let attackers hijack accounts without needing a password reset workflow, and in some cases can sidestep MFA if a session is already authenticated. For business users, that raises the risk of unauthorized access to email, cloud dashboards, internal portals, and remote access services, including VPN sessions tied to browser-based authentication.

No CVE has been tied to the activity in current public reporting, and the story is better understood as a malware capability update than a single software flaw. The broader lesson is that endpoint compromise can still defeat protections meant to secure data at rest. If malware can run under the same user context, it may be able to wait until protected material is legitimately decrypted and then steal it from memory.

Defenders should treat browser secret theft as a full account-compromise risk. Recommended steps include revoking active sessions, rotating exposed credentials, enforcing phishing-resistant MFA where possible, reducing local admin rights, and monitoring for suspicious access to browser processes or debugging behavior. Browser hardening still raises attacker costs, but VoidStealer shows those costs are not high enough to stop adaptation.
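One way to implement the "monitoring for suspicious access to browser processes" step, as an added example that is not from the original article or the reporting it cites: it filters records shaped like Sysmon Event ID 10 (ProcessAccess) for non-allowlisted images that obtained memory-access rights on chrome.exe. The sample events, the allowlist and the function name are constructed assumptions.

```python
from ntpath import basename, normcase  # Windows path rules on any host OS

# Documented Windows access rights that let one process read or write
# another's memory; debugging or memory scraping needs at least one.
PROCESS_VM_READ = 0x0010
PROCESS_VM_WRITE = 0x0020
MEMORY_RIGHTS = PROCESS_VM_READ | PROCESS_VM_WRITE

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
BROWSER_NAMES = {"chrome.exe"}
# Assumption: full image paths expected to open browser processes here.
# Matching on full path means a look-alike chrome.exe elsewhere still alerts.
ALLOWED_SOURCES = {normcase(CHROME)}

# Constructed sample records shaped like Sysmon Event ID 10 (ProcessAccess).
SAMPLE_EVENTS = [
    {"EventID": 10, "SourceImage": CHROME,
     "TargetImage": CHROME, "GrantedAccess": "0x1fffff"},
    {"EventID": 10, "SourceImage": r"C:\Users\alice\AppData\Local\Temp\updater.exe",
     "TargetImage": CHROME, "GrantedAccess": "0x1fffff"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": CHROME, "GrantedAccess": "0x1000"},
    {"EventID": 10, "SourceImage": r"C:\Users\alice\Downloads\chrome.exe",
     "TargetImage": CHROME, "GrantedAccess": "0x0010"},
    {"EventID": 10, "SourceImage": r"C:\Users\alice\AppData\Local\Temp\updater.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe", "GrantedAccess": "0x1fffff"},
]


def suspicious_browser_access(events):
    """Return events where a non-allowlisted image got memory rights on a browser."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 10:
            continue  # only ProcessAccess records are relevant
        if basename(normcase(ev["TargetImage"])) not in BROWSER_NAMES:
            continue  # target is not a browser process
        if normcase(ev["SourceImage"]) in ALLOWED_SOURCES:
            continue  # the browser opening its own child processes is normal
        if int(ev["GrantedAccess"], 16) & MEMORY_RIGHTS:
            hits.append(ev)  # handle allows reading or writing browser memory
    return hits


if __name__ == "__main__":
    for hit in suspicious_browser_access(SAMPLE_EVENTS):
        print(hit["SourceImage"], "->", hit["TargetImage"], hit["GrantedAccess"])
```

In a real deployment the allowlist would also need the endpoint security agents and accessibility tools that legitimately open browser processes, or the rule will be noisy.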
