HIGH

VoidStealer Trojan Bypasses Chrome App-Bound Encryption to Steal Credentials

· vulnerability · malware · google · appsec

Authors of the VoidStealer information-stealing Trojan discovered a new technique to bypass Google Chrome’s App-Bound Encryption (ABE), a protection introduced to prevent credential theft from the browser. The bypass enables infostealer malware to extract stored passwords and session tokens from Chrome. This is at least the second publicly known ABE bypass method, indicating the protection is under active pressure from infostealer authors. Endpoint security teams should ensure infostealer detections are current and treat Chrome-stored credentials as potentially at risk in high-threat environments.