New VoidStealer Malware Bypasses Chrome's Application-Bound Encryption
A new infostealer called VoidStealer uses a novel debugger-based technique to bypass Chrome's Application-Bound Encryption and extract decryption keys without requiring privileged escalation.
Key Points
- VoidStealer uses a novel debugger-based technique not previously seen in the wild
- Bypasses Chrome's ABE without requiring privileged escalation or admin rights
- Threatens passwords, cookies, and other sensitive browser data
Full Details
Security researchers have discovered a new infostealer dubbed 'VoidStealer' that successfully bypasses Chrome's Application-Bound Encryption (ABE) security control using a first-seen debugging method. The malware extracts Chrome's decryption key through a debugger-based technique that does not require admin privileges, unlike previous ABE bypass methods that needed code injection or service abuse. ABE was introduced in Chrome 127 in 2024 to lock sensitive browser data like passwords and cookies behind tighter encryption tied to privileged system services. This new bypass method raises significant concerns about the future effectiveness of browser data security controls and the evolving sophistication of infostealer malware.
Why It Matters
This breakthrough bypass technique could render Chrome's ABE security control ineffective, forcing browser vendors to develop new protection mechanisms against evolving infostealer threats.
Get stories like this delivered daily
AI-curated news, personalized to your interests. Zero noise.
Start 7-Day Free Trial →More in Global News
One Month Into Iran War: Global Economy Faces Major Disruptions
One month after the US and Israeli war on Iran began, the global economy is experiencing the largest supply disruption in oil market history, with cascading effects on inflation, air travel, food prices, and even semiconductor chip production.
AI Targeting Systems in Iran Conflict Raise 'Cold War' Concerns
Reports confirm Palantir's AI targeting systems used in Ukraine are now being integrated into Iranian drone operations, sparking concerns about an emerging AI arms race and ethical questions about autonomous warfare.
G7 Policymakers Hold Crisis Talks as Iran-Russia War Roils Global Economy
Top western G7 policymakers convened emergency discussions to address the economic turmoil caused by the ongoing Iran-Russia war, as the conflict continues to strain global supply chains and markets.
WTO E-Commerce Duties Moratorium Expires as Global Trade Talks Stall
The global moratorium on customs duties for digital downloads and streaming has expired after WTO ministers in Yaoundé, Cameroon failed to reach an extension agreement, with talks now moving to Geneva.