Two malicious Chrome extensions were seen exfiltrating browser data and users’ conversations with ChatGPT and DeepSeek, OX Security reports.
Impersonating a legitimate extension from AITOPIA, the two extensions gathered over 900,000 downloads, potentially impacting as many users.
The applications, named ‘Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI’ and ‘AI Sidebar with Deepseek, ChatGPT, Claude and extra’, are not available in the Chrome Web Store.
According to OX Security, the extensions were abusing the AI-powered web development platform Lovable to host infrastructure components and anonymize their activity.
The legitimate AITOPIA extension they were impersonating allows users to chat with popular LLM models through a sidebar on top of visited websites.
The malicious applications copied the legitimate extension and added code that requested user consent to harvest “anonymous, non-identifiable analytics data” but instead stole the users’ full ChatGPT and DeepSeek conversations.
Both extensions, OX Security says, collected all URLs from Chrome tabs, search queries, URL parameters containing session tokens, user IDs, and other authentication data.
By stealing the URLs from all browser tabs, they potentially leaked internal corporate domains, likely exposing corporate infrastructure and tools, OX Security says.
Depending on how the affected users interacted with the LLM models, the extensions potentially exfiltrated source code and development queries, personally identifiable information (PII), sensitive information such as confidential data and legal matters, and business strategies and planning.
“This data might be weaponized for corporate espionage, identity theft, targeted phishing campaigns, or sold on underground forums. Organizations whose employees installed these extensions might have unknowingly exposed intellectual property, customer data, and confidential business information,” OX Security notes.
Users are advised to remove the malicious extensions from their Chrome browser as soon as possible.
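For teams checking their own machines, the sketch below is an added example (not code from OX Security or from the extensions) that walks a Chrome profile's `Extensions` directory and lists every extension holding the capability pair described above: reading tab URLs and reaching ChatGPT or DeepSeek pages. The chat hostnames, the function names and the directory layout `<id>/<version>/manifest.json` are assumptions of this example.

```python
import json
from pathlib import Path
# Assumption: hostnames of the two chat services named in the article.
CHAT_HOSTS = ("chatgpt.com", "chat.openai.com", "chat.deepseek.com")
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def reach(manifest):
    """Match patterns the extension can touch (MV2 keeps host patterns in "permissions")."""
    pats = manifest.get("host_permissions", []) + manifest.get("optional_host_permissions", [])
    pats += [p for p in manifest.get("permissions", [])
             if isinstance(p, str) and ("://" in p or p == "<all_urls>")]
    for script in manifest.get("content_scripts", []):
        pats += script.get("matches", [])
    return pats

def audit_manifest(manifest):
    """Flag the capability pair the article describes: tab URLs plus chat-page access."""
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    pats = reach(manifest)
    broad = any(p in BROAD for p in pats)
    tab_urls = "tabs" in perms or broad  # "tabs" or broad host access exposes tab URLs
    chat = broad or any(host in p for p in pats for host in CHAT_HOSTS)
    return {"tab_urls": tab_urls, "chat_pages": chat, "flag": tab_urls and chat}

def display_name(manifest, version_dir):
    """Resolve a localized "__MSG_key__" name from _locales/<default_locale>/messages.json."""
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[6:-2].lower()  # message keys are case-insensitive
        path = Path(version_dir, "_locales", manifest.get("default_locale", "en"), "messages.json")
        try:
            msgs = {k.lower(): v for k, v in json.loads(path.read_text(encoding="utf-8")).items()}
            name = msgs.get(key, {}).get("message", name)
        except (OSError, ValueError):
            pass  # keep the raw placeholder if the locale file is missing or malformed
    return name

def scan_profile(extensions_dir):
    """Return flagged extensions found under <profile>/Extensions/<id>/<version>/."""
    hits = []
    for mf in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(mf.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable manifests are skipped, not fatal
        result = audit_manifest(manifest)
        if result["flag"]:
            hits.append({"id": mf.parent.parent.name, "name": display_name(manifest, mf.parent), **result})
    return hits
```

A flag means the extension holds both capabilities, not that it is malicious; compare the resolved names in the output against the two extension names reported above and review anything unexpected.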
