A newly discovered information stealer called VoidStealer uses a sophisticated method to bypass Chrome's Application-Bound Encryption (ABE) security feature. The malware relies on a debugger-based technique to extract Chrome's master key, which is used to decrypt sensitive data stored within the browser, including passwords, cookies, and payment information.

The attack represents a significant escalation in browser-targeting malware capabilities. Chrome's ABE was specifically designed to prevent unauthorized access to encrypted browser data by binding encryption keys to the user's Windows identity. VoidStealer's ability to circumvent this protection mechanism poses a serious threat to users who rely on browser-stored credentials.

The malware operates by exploiting Chrome's debugging interface to gain access to the browser's internal processes and memory structures. This allows VoidStealer to locate and extract the master encryption key that Chrome uses to protect stored user data. Once obtained, this key enables the malware to decrypt previously protected information that would normally be inaccessible to unauthorized applications.

Google has been notified of the exploitation technique used by VoidStealer. Users are advised to keep Chrome updated to the latest version and to avoid running suspicious executables. Organizations should implement endpoint detection and response solutions capable of identifying unusual debugger activity and process injection attempts targeting browser processes.
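
As a sketch of the detection recommended above (an added example, not code from Google or from any vendor named here), the following flags processes outside an allowlist that open a Chrome process with memory-access or thread-creation rights. It assumes Sysmon ProcessAccess (Event ID 10) telemetry already parsed into dictionaries; the allowlist and the sample events are constructed for illustration.

```python
import ntpath

# Process access rights from the Windows SDK (winnt.h) that memory reads,
# memory writes and remote thread creation depend on.
RIGHTS = {
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
}
TARGET_NAMES = {"chrome.exe"}
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
# Assumption: full image paths expected to open Chrome processes on this fleet.
# Matching on the full path, not the file name, stops a look-alike chrome.exe
# dropped elsewhere from inheriting the allowlist entry.
ALLOWED_SOURCES = {CHROME.lower()}


def decode_rights(mask):
    """Return names of the memory/thread rights set in a GrantedAccess mask."""
    return [name for bit, name in sorted(RIGHTS.items()) if mask & bit]


def suspicious_access(events):
    """Return (source, target, rights) for risky handles opened to Chrome."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 10:  # only ProcessAccess records
            continue
        target = ntpath.basename(ev["TargetImage"]).lower()
        if target not in TARGET_NAMES or ev["SourceImage"].lower() in ALLOWED_SOURCES:
            continue
        rights = decode_rights(int(ev["GrantedAccess"], 16))
        if rights:
            findings.append((ev["SourceImage"], ev["TargetImage"], rights))
    return findings


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    {"EventID": 10, "SourceImage": CHROME, "TargetImage": CHROME, "GrantedAccess": "0x1FFFFF"},
    {"EventID": 10, "SourceImage": r"C:\Users\alice\AppData\Local\Temp\chrome.exe",
     "TargetImage": CHROME, "GrantedAccess": "0x1FFFFF"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": CHROME, "GrantedAccess": "0x1000"},
    {"EventID": 1, "Image": CHROME},
]

if __name__ == "__main__":
    for source, target, rights in suspicious_access(SAMPLE_EVENTS):
        print(f"ALERT {source} -> {target}: {', '.join(rights)}")
```

In production the allowlist would also need the endpoint security agent and any other software that legitimately inspects browser processes, otherwise the rule will alert on them.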