OX Safety researchers discovered that greater than 900,000 Chrome customers unknowingly uncovered delicate AI conversations after putting in malicious browser extensions masquerading as respectable productiveness instruments.
The marketing campaign highlights how trusted browser ecosystems may be quietly abused to siphon off proprietary information, private data, and company intelligence at scale.
The malware “… provides malicious capabilities by requesting consent for ‘nameless, non-identifiable analytics information’ whereas truly exfiltrating full dialog content material from ChatGPT and DeepSeek classes,” OX researchers stated in a weblog submit.
How the malicious extensions monitor and acquire information
As soon as put in, the malicious Chrome extensions established persistent visibility into customers’ shopping exercise by leveraging the chrome.tabs.onUpdated API, which permits extensions to watch tab adjustments and web page hundreds in actual time.
This functionality enabled the malware to silently observe when customers navigated to AI platforms equivalent to ChatGPT or DeepSeek with out elevating suspicion.
When a goal web page was detected, the extension dynamically interacted with the webpage’s doc object mannequin (DOM) to extract delicate content material immediately from the browser session. This included full consumer prompts, AI-generated responses, and session-related metadata that tied conversations to particular customers and shopping contexts.
As a result of the information was harvested from the rendered web page itself, the attackers didn’t must intercept community visitors or exploit vulnerabilities within the AI companies.
How stolen information is aggregated and exfiltrated
Every contaminated browser occasion was assigned a novel identifier, permitting the risk actors to correlate conversations throughout classes and construct detailed consumer profiles over time.
Along with AI chat content material, the extensions collected the entire URLs of all open Chrome tabs, offering attackers with visibility into customers’ shopping habits, inner functions, and doubtlessly delicate company assets.
The harvested information was briefly saved domestically, then aggregated, Base64-encoded, and transmitted in scheduled batches to attacker-controlled command-and-control (C2) servers roughly each half-hour. This periodic exfiltration sample decreased the chance of detection whereas enabling regular information assortment at scale.
Notably, the assault didn’t depend on refined exploits, privilege escalation, or zero-day vulnerabilities. As a substitute, it exploited extreme extension permissions and deceptive consent prompts that claimed to gather solely “nameless, non-identifiable analytics.”
In actuality, the extensions exfiltrated full, identifiable dialog content material and shopping information. This demonstrates how respectable browser APIs and imprecise permission language may be abused to allow in depth surveillance beneath the guise of benign performance.
Decreasing danger from AI-powered browser extensions
As AI-enabled instruments turn out to be integral to on a regular basis workflows, browser extensions have emerged as a high-risk but continuously underestimated assault floor.
Successfully managing this danger requires a layered strategy that mixes robust technical controls, steady monitoring, and knowledgeable, security-aware customers.
- Instantly take away the malicious extensions and assessment endpoint telemetry to establish affected customers, extension IDs, and potential information publicity.
- Deal with browser extensions as a managed assault floor by imposing allowlists, blocking sideloading, and revalidating extensions when permissions or possession change.
- Use endpoint and browser administration instruments to implement company browser profiles and stop unauthorized extension set up.
- Apply information loss prevention (DLP) controls and logging to AI utilization to detect and restrict the publicity of delicate information shared with AI platforms.
- Monitor browser and community exercise for indicators of extension-based compromise, together with irregular API utilization and suspicious outbound connections.
- Practice staff on the dangers of AI-enabled browser extensions and implement least-privilege entry for AI instruments.
- Often take a look at incident response plans with extension- and AI-related situations to make sure groups can rapidly include breaches and assess information publicity.
Collectively, these measures assist organizations transfer from reactive cleanup to proactive protection by lowering the chance that browser extensions will turn out to be silent gateways for information theft and compromise.
Editor’s observe: This text first appeared on our sister publication, eSecurityPlanet.com.
