Chrome Extensions With 900,000 Downloads Caught Stealing AI Chats

Chrome Extensions With 900,000 Downloads Caught Stealing AI Chats

Posted on By CWS

Two malicious Chrome extensions had been noticed exfiltrating browser knowledge and customers’ conversations with ChatGPT and DeepSeek, OX Safety experiences.

Impersonating a legit extension from AITOPIA, the 2 extensions gathered over 900,000 downloads, probably impacting as many customers.

The functions, known as ‘Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI’ and ‘AI Sidebar with Deepseek, ChatGPT, Claude and extra’, are not obtainable within the Chrome net retailer.

In response to OX Safety, the extensions had been abusing the AI-powered net growth platform Lovable to host infrastructure elements and anonymize their exercise.

The legit AITOPIA extension they had been impersonating permits customers to speak with fashionable LLM fashions by a sidebar on prime of visited web sites.

The malicious functions copied the legit extension and added code that requested consumer consent to reap “nameless, non-identifiable analytics knowledge” however as a substitute stole the customers’ full ChatGPT and DeepSeek conversations.Commercial. Scroll to proceed studying.

Each extensions, OX Safety says, collected all URLs from Chrome tabs, search queries, URL parameters containing session tokens, consumer IDs, and different authentication knowledge.

By stealing the URLs from all browser tabs, they probably leaked inner company domains, seemingly exposing company infrastructure and instruments, OX Safety says.

Relying on how the affected customers interacted with the LLM fashions, the extensions probably exfiltrated supply code and growth queries, personally identifiable data (PII), delicate data reminiscent of confidential knowledge and authorized issues, and enterprise methods and planning.

“This knowledge might be weaponized for company espionage, id theft, focused phishing campaigns, or bought on underground boards. Organizations whose workers put in these extensions might have unknowingly uncovered mental property, buyer knowledge, and confidential enterprise data,” OX Safety notes.

Customers are suggested to take away the malicious extensions from their Chrome browser as quickly as attainable.

Associated: GhostPoster Firefox Extensions Cover Malware in Icons

Associated: Chrome, Edge Extensions Caught Monitoring Customers, Creating Backdoors

Associated: Google Fortifies Chrome Agentic AI In opposition to Oblique Immediate Injection Assaults

Associated: New Firefox Extensions Required to Disclose Knowledge Assortment Practices

Security Week News Tags:, , , , ,

Related Posts

Nippon Steel Subsidiary Blames Data Breach on Zero-Day Attack Nippon Steel Subsidiary Blames Data Breach on Zero-Day Attack Security Week News
US Offering Million Reward for RedLine Malware Developer US Offering $10 Million Reward for RedLine Malware Developer Security Week News
Onit Security Secures M for Advanced Cyber Solutions Onit Security Secures $11M for Advanced Cyber Solutions Security Week News
Critical Chrome Vulnerability Earns Researcher ,000 Critical Chrome Vulnerability Earns Researcher $43,000 Security Week News
Critical Flaw in Popular React Native NPM Package Exposes Developers to Attacks Critical Flaw in Popular React Native NPM Package Exposes Developers to Attacks Security Week News
Chipmaker Patch Tuesday: Many Vulnerabilities Addressed by Intel, AMD, Nvidia Chipmaker Patch Tuesday: Many Vulnerabilities Addressed by Intel, AMD, Nvidia Security Week News