www.darkreading.com 5/6/2026, 10:07:49 PM · via preferred

VoidStealer Finds New Way to Break Chrome AppBound Encryption

Authors of the VoidStealer Trojan have uncovered a new method to bypass Google Chrome’s App-Bound Encryption (ABE), enabling infostealers to harvest cookie data and other secrets from Chrome. The bypass marks another successful sidestep of Chrome’s ABE, which Google introduced in July 2024 to protect cookie data on Windows and designed so that only the Chrome application can decrypt stored data.

According to Kaspersky, the approach targets the moment when Chrome decrypts data to sign into sites or access saved credentials, exploiting a brief window in which the master key is exposed in plaintext in memory. The malware attaches to the browser as a debugger and pauses the process at the exact moment of decryption to extract the encryption key directly from memory.
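A defender-side illustration of the debugger-attach behaviour described above, added here and not taken from the article or from Kaspersky: it scans process-access records for a non-allowlisted program that obtains memory-read rights on chrome.exe. The record layout (Sysmon Event ID 10 field names in a pipe-separated line), the allowlist and all sample paths are constructed assumptions.

```python
import ntpath

# Windows process access rights (winnt.h values).
PROCESS_VM_READ = 0x0010         # read another process's memory
PROCESS_SUSPEND_RESUME = 0x0800  # pause and resume its threads
PROCESS_ALL_ACCESS = 0x1FFFFF    # full access, needed for a debugger attach

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
# Assumption: full image paths expected to open chrome.exe on this host.
ALLOWED_SOURCES = {CHROME.lower()}

# Constructed sample records using Sysmon Event ID 10 field names.
SAMPLE_EVENTS = [
    f"SourceImage={CHROME}|TargetImage={CHROME}|GrantedAccess=0x1FFFFF",
    rf"SourceImage=C:\Users\demo\AppData\Local\Temp\updater.exe|TargetImage={CHROME}|GrantedAccess=0x1FFFFF",
    rf"SourceImage=C:\Windows\System32\taskmgr.exe|TargetImage={CHROME}|GrantedAccess=0x1000",
    r"SourceImage=C:\Users\demo\Downloads\tool.exe|TargetImage=C:\Windows\System32\notepad.exe|GrantedAccess=0x1FFFFF",
    rf"SourceImage=C:\Users\demo\Downloads\tool.exe|TargetImage={CHROME}|GrantedAccess=0x0810",
]


def parse_event(line):
    """Split 'Key=Value|Key=Value' into a dict."""
    return dict(field.split("=", 1) for field in line.split("|"))


def classify(event):
    """Return a severity string for suspicious access to Chrome, else None."""
    if ntpath.basename(event["TargetImage"]).lower() != "chrome.exe":
        return None
    if event["SourceImage"].lower() in ALLOWED_SOURCES:
        return None
    mask = int(event["GrantedAccess"], 16)
    if not mask & PROCESS_VM_READ:
        return None  # this handle cannot read browser memory
    if (mask & PROCESS_ALL_ACCESS) == PROCESS_ALL_ACCESS:
        return "high"    # rights sufficient to attach as a debugger
    if mask & PROCESS_SUSPEND_RESUME:
        return "medium"  # can pause the process and read its memory
    return "low"


def find_suspicious(lines):
    """Return (source image, severity) for every flagged record."""
    events = [parse_event(line) for line in lines]
    return [(e["SourceImage"], classify(e)) for e in events if classify(e)]
```

Calling `find_suspicious(SAMPLE_EVENTS)` flags the two constructed non-browser programs and ignores Chrome's own handles, the query-only handle and the access to notepad.exe.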

This demonstrates that, despite ABE, browsers remain a popular target for attackers, and that infostealers such as Meduza Stealer, Whitesnake, Lumma Stealer and Lumar have continued to harvest data post-ABE. The May 6, 2026 article notes these developments as part of ongoing browser security challenges.


Article by CyberSIXT