
How VoidStealer bypasses Chrome’s protections to hijack sessions and steal data | Kaspersky official blog

Medium
Malware
Published: Wed May 06 2026 (05/06/2026, 11:42:31 UTC)
Source: Kaspersky Security Blog

Description

The VoidStealer malware employs a new technique to circumvent Chrome’s App-Bound Encryption mechanism, gaining access to session cookies and other sensitive user data.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 05/06/2026, 11:52:50 UTC

Technical Analysis

VoidStealer malware employs a novel technique to bypass Google Chrome's App-Bound Encryption (ABE), a security mechanism introduced in Chrome 127 (July 2024) to protect session cookies and other sensitive data. ABE ties encryption keys to the Chrome application, preventing other processes from accessing the master key used to decrypt stored data. VoidStealer circumvents this by attaching itself as a debugger to the Chrome process, setting breakpoints at the code section where decryption occurs, and reading the master key directly from Chrome's memory when it is temporarily in plaintext. This approach allows the malware to hijack authenticated sessions and steal sensitive user data. The malware also impacts other Chromium-based browsers implementing ABE. VoidStealer is distributed as malware-as-a-service, facilitating widespread use by attackers. The analysis is based on a detailed Kaspersky blog post dated May 6, 2026. No vendor advisory or patch information is available.

Potential Impact

The malware enables attackers to bypass Chrome's intended protection of session cookies and sensitive data, allowing hijacking of authenticated sessions and theft of personal or financial information. This undermines the security improvements introduced by App-Bound Encryption, exposing users of Chrome and other Chromium-based browsers on Windows to data theft. The malware's debugger-based memory extraction technique does not require privilege escalation but relies on the ability to run code with the user's privileges. The widespread availability of VoidStealer as malware-as-a-service increases the risk of mass infections. There is no indication that this threat currently exploits zero-day vulnerabilities or that it is actively exploited in the wild at scale.

Mitigation Recommendations

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Users should avoid installing software from untrusted sources to reduce infection risk. Keeping operating systems and software up to date is recommended to mitigate exploitation of known vulnerabilities. Use robust security solutions to detect and block suspicious activities in real time. Avoid storing passwords and financial information directly in browsers; instead, use dedicated secure password managers. Since the malware exploits a runtime memory exposure, traditional encryption mechanisms alone may not suffice. No official fix or update from Chrome or other vendors is mentioned in the available data.
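A detection check for the cross-process memory read described in the Technical Analysis, added here as an example and not taken from the Kaspersky article or this feed. It assumes Sysmon Event ID 10 (ProcessAccess) records are collected and already parsed into dictionaries; the browser list, the allowlisted path, and all sample events are constructed for illustration.

```python
# Added example: flag Sysmon Event ID 10 (ProcessAccess) records in which a
# non-browser process obtains a memory-read handle to a Chromium browser.
import ntpath

PROCESS_VM_READ = 0x0010  # Windows access right required by ReadProcessMemory

# Assumption: browser executables to watch; extend for your fleet.
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe"}
# Assumption: site-specific allowlist (hypothetical EDR agent path).
ALLOWED_SOURCES = {r"c:\program files\exampleedr\agent.exe"}


def is_suspicious(event: dict) -> bool:
    """True if a foreign process opened a browser with PROCESS_VM_READ."""
    source = event["SourceImage"].lower()
    target = event["TargetImage"].lower()
    if ntpath.basename(target) not in BROWSERS:
        return False
    # A browser opening its own processes is normal multi-process behaviour.
    if source == target:
        return False
    if source in ALLOWED_SOURCES:
        return False
    granted = int(event["GrantedAccess"], 16)  # Sysmon logs a hex string
    return bool(granted & PROCESS_VM_READ)


def triage(events):
    """Return only the events that warrant analyst review."""
    return [e for e in events if is_suspicious(e)]


# Constructed sample events (not real telemetry).
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SAMPLE_EVENTS = [
    {"SourceImage": CHROME, "TargetImage": CHROME, "GrantedAccess": "0x1fffff"},
    {"SourceImage": r"C:\Users\alice\AppData\Local\Temp\setup_helper.exe",
     "TargetImage": CHROME, "GrantedAccess": "0x1fffff"},
    {"SourceImage": r"C:\Tools\inventory.exe",
     "TargetImage": CHROME, "GrantedAccess": "0x1000"},  # no VM_READ bit
    {"SourceImage": r"C:\Program Files\ExampleEDR\agent.exe",
     "TargetImage": CHROME, "GrantedAccess": "0x1410"},  # allowlisted
    {"SourceImage": r"C:\Users\alice\AppData\Local\Temp\setup_helper.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe",
     "GrantedAccess": "0x1fffff"},  # target is not a browser
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print("REVIEW:", hit["SourceImage"], "->", hit["TargetImage"],
              hit["GrantedAccess"])
```

Only the second sample event is flagged; in production the allowlist needs tuning, because legitimate security and diagnostic tools also request memory-read access to browsers.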


Technical Details

Article Source: https://www.kaspersky.com/blog/chrome-application-bound-encryption-bypass-voidstealer/55735/ (fetched 2026-05-06T11:52:38.656Z; word count 1689)

Threat ID: 69fb2b86cbff5d8610db203e

Added to database: 5/6/2026, 11:52:38 AM

Last enriched: 5/6/2026, 11:52:50 AM

Last updated: 5/7/2026, 8:18:38 AM
