Malicious Chrome Extensions Stole Conversations With AI Tools

As reported by the web portal SecurityWeek, security researchers have warned about two malicious Chrome extensions that secretly collected browser data, including users’ conversations with AI tools such as ChatGPT and DeepSeek. According to a report by OX Security, the extensions impersonated a legitimate add-on associated with a well-known AI service, enabling them to surpass 900,000 downloads. Although users were asked to consent to the collection of allegedly anonymous analytics data, the extensions in practice harvested complete AI conversation histories.

In addition, they collected URLs from open browser tabs, search queries, session identifiers, and other sensitive authentication data. Such activity could have resulted in the exposure of internal corporate domains and details about organizational IT infrastructures. Depending on how affected users interacted with AI tools, the compromised data may have included source code, personal data, confidential business information, and legal content. OX Security warns that this type of data can be abused for corporate espionage, identity theft, or targeted phishing campaigns.

The malicious extensions have since been removed from the Google Chrome Web Store, and users are advised to uninstall them immediately and review the security of their systems.