In another sign that browsers continue to be a prime attack target, authors of the VoidStealer Trojan have uncovered a way to bypass a Chrome security feature designed to protect session cookies and other sensitive data.
It's the latest successful bypass of Chrome's App-Bound Encryption (ABE), which Google introduced in July 2024; the bypass also works against other Chromium-based browsers that use ABE, such as Microsoft Edge, Opera, Vivaldi, and Brave, according to Kaspersky.
Google introduced ABE specifically to protect cookie data against infostealers on Windows systems. As the company explains, Google uses the highest-level protections the operating system provides — like Keychain services on macOS and system-provided wallets on Linux — to encrypt and protect cookies and other sensitive browser data. The problem with the equivalent Data Protection API (DPAPI) feature on Windows is that it does not protect stored data like cookies and passwords from being accessed by malicious applications such as infostealers that run as the legitimate, logged-in user. ABE aimed to fix the problem by ensuring that only the Chrome application itself could decrypt stored data, rather than any process running as the legitimate user.
Bypassing Browser Protections
"The architects of this feature assumed that to access ABE-protected browser data, an infostealer would either need to escalate its privileges to system-level, or inject malicious code directly into Chrome," Kaspersky researcher Alanna Titterington said. "In theory, this should have made attacking Chrome significantly harder and reduced the effectiveness of mass-market infostealers," she said.
In reality, however, security researchers and malware authors found ways to bypass the protection almost as soon as Google implemented the feature in Chrome. The authors of infostealers like Meduza Stealer, Whitesnake, Lumma Stealer, and Lumar have all continued to harvest cookie data and other secrets from Chrome, even after Google implemented ABE.
And researchers have demonstrated ways to do it as well. Titterington pointed to an effort by researcher Alex Hagenah, who showed how an attacker could extract cookies, passwords, payment methods, and tokens from Chrome even with ABE. His technique combined fileless, in-memory execution, process hollowing, direct system calls, and other stealth techniques to access encrypted data as if it were legitimate Chrome activity. Last year, CyberArk disclosed how its researchers developed a new so-called C4 attack technique that allowed them to decrypt Chrome cookies, even as a user with low privileges.
A Different Tactic