What's Happening?
Cybersecurity researchers have identified two malicious Chrome extensions that have been exfiltrating data from users' interactions with AI chatbots like ChatGPT and DeepSeek. These extensions, named 'Chat
GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI' and 'AI Sidebar with Deepseek, ChatGPT, Claude, and more,' have collectively amassed over 900,000 users. The extensions were found to be sending user conversations and browsing data to remote servers every 30 minutes. The extensions impersonate a legitimate extension and request permissions under the guise of collecting anonymized data, but instead, they exfiltrate complete conversation content. This tactic, known as 'Prompt Poaching,' poses significant risks, including corporate espionage and identity theft.
Why It's Important?
The discovery of these malicious extensions highlights the growing threat of data exfiltration through seemingly legitimate browser add-ons. As AI tools become more integrated into daily online activities, the potential for sensitive information to be compromised increases. Organizations whose employees have installed these extensions may have unknowingly exposed critical business information, leading to potential financial and reputational damage. The incident underscores the need for robust cybersecurity measures and vigilance in monitoring the permissions granted to browser extensions. It also raises concerns about the adequacy of current security protocols in app stores like the Chrome Web Store.
What's Next?
Users are advised to remove these extensions immediately and exercise caution when installing new browser add-ons, even those with 'Featured' tags. The incident may prompt Google and other browser developers to enhance their vetting processes for extensions to prevent similar occurrences. Organizations might also need to review their cybersecurity policies and educate employees about the risks associated with browser extensions. This situation could lead to increased scrutiny and regulation of browser extensions to protect user data more effectively.
