Google Chrome tried to block infostealer malware — but these hackers say they've already beaten it


Google’s attempt to block infostealer malware grabbing data stored in its Chrome browser seems to have been short-lived, with multiple variants claiming to have already successfully bypassed it.

In late July 2024, Google released Chrome 127, which introduced App-Bound Encryption, a feature intended to ensure that sensitive data stored by websites or web apps is accessible only to a specific app on a device. It works by encrypting data so that only the app that created it can decrypt it, and was advertised as particularly useful for protecting information such as authentication tokens or personal data.

Now, mere months after it was introduced, the protection mechanism has already been cracked by some of the most popular infostealers out there, BleepingComputer reports, claiming the likes of MeduzaStealer, Whitesnake, Lumma Stealer, Lumar, Vidar, and StealC have all introduced some form of bypass.

Prioritizing impact

Some of the upgrades are also confirmed to be working with Chrome 129, the newest version of the browser available at press time.

"We are aware of the disruption that this new defense has caused to the infostealer landscape and, as we stated in the blog, we expect this protection to cause a shift in attacker behavior to more observable techniques such as injection or memory scraping," a Google spokesperson told TechRadar Pro.

"This matches the new behavior we have seen. We continue to work with OS and AV vendors to try and more reliably detect these new types of attacks, as well as continuing to iterate on hardening defenses to improve protection against infostealers for our users."

“Added a new method of collecting Chrome cookies,” Lumma’s developers allegedly told its customers recently. “The new method does not require admin rights and/or restart, which simplifies the crypt build and reduces the chances of detection, and thus increases the knock rate.”

Exfiltrating information from browsers is a key feature of most prominent infostealers. Many people save passwords or payment data in their browsers for convenience and quick access, and many also use cryptocurrency wallet add-ons. By stealing cookies, crooks can even log into services protected by multi-factor authentication (MFA). All of this makes browsers one of the most important targets during data theft.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.