Security researchers have uncovered malicious AI Chrome extensions that secretly collect conversations from popular chatbot platforms. The extensions targeted users of tools such as ChatGPT and DeepSeek.
At first glance, the extensions appeared to offer helpful AI features inside the browser. Many users installed them to simplify access to multiple AI assistants. However, the tools quietly harvested sensitive information from user conversations.
Investigators found that the extensions gathered chat data and transmitted it to remote servers. The discovery highlights growing risks connected to AI integrations inside web browsers.
Malicious Extensions Reached Hundreds of Thousands of Users
Researchers identified two extensions responsible for the data collection. Together, the tools reached more than 900,000 installations before the activity came to light.
One extension promoted itself as an all-in-one AI assistant that supported multiple chatbots. The second tool presented itself as a sidebar that provided quick access to different AI services.
Both extensions appeared legitimate inside the Chrome Web Store. One even carried a featured badge, which made the software look more trustworthy to users.
Because of this presentation, many users installed the tools without suspecting any malicious behavior.
Chat Conversations Were Quietly Collected
The extensions used scripts that interacted directly with AI chatbot pages. Once active, they could intercept messages sent between the user and the AI service.
This allowed the extensions to capture both prompts and generated responses. In practice, this meant attackers could obtain complete conversation records.
Researchers also discovered that the extensions gathered browsing information from open tabs. The collected data was packaged and transmitted to remote servers at regular intervals.
This background activity allowed attackers to harvest information without obvious signs of compromise.
Sensitive Information May Have Been Exposed
AI chat conversations often contain sensitive information. Many users rely on chatbots to analyze code, summarize internal documents, or draft professional messages.
In corporate environments, employees may paste confidential material into AI prompts. If malicious extensions intercept these exchanges, attackers can access valuable intellectual property.
The incident shows how browser extensions can become powerful surveillance tools. Once installed, they operate with broad permissions inside the browser environment.
Browser Extensions Create New Security Risks
The discovery highlights a growing challenge in modern cybersecurity. AI integrations inside browsers often require extensive permissions to function properly.
These permissions allow extensions to read webpage content and interact with active sessions. If attackers abuse those capabilities, they can collect large amounts of user data.
Security experts warn that organizations should carefully evaluate browser extensions used by employees. Even tools that appear legitimate may hide harmful functionality.
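One way to carry out that evaluation is to triage each extension's manifest.json for the access described above: scripts on AI chatbot pages, host access to those pages, and visibility into open tabs. The code below is an added example, not taken from the researchers or from the extensions themselves; the watched hostnames, rule names and sample manifests are assumptions constructed for illustration.

```javascript
// Added example: triage a Chrome extension manifest for access to AI chat pages.
// Hostnames are assumptions; the article names the services, not their domains.
const WATCHED_HOSTS = ["chatgpt.com", "chat.deepseek.com"];

// True if a Chrome match pattern (e.g. "https://*.example.com/*") covers `host`.
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?|wss?|ftp|file):\/\/([^/]*)\//.exec(pattern);
  if (!m) return false;
  const h = m[2];
  if (h === "*") return true;
  if (h.startsWith("*.")) {
    const base = h.slice(2); // "*.example.com" covers example.com and subdomains
    return host === base || host.endsWith("." + base);
  }
  return h === host;
}

// Returns a list of findings; rule names are hypothetical labels for this example.
function auditManifest(manifest, watched = WATCHED_HOSTS) {
  const perms = manifest.permissions || [];
  // Manifest V3 lists hosts in host_permissions; V2 mixes them into permissions.
  const hostPatterns = [
    ...(manifest.host_permissions || []),
    ...perms.filter((p) => p === "<all_urls>" || p.includes("://")),
  ];
  const scriptPatterns = (manifest.content_scripts || []).flatMap((cs) => cs.matches || []);
  const covered = (patterns) =>
    watched.filter((h) => patterns.some((p) => patternCoversHost(p, h)));

  const findings = [];
  const scriptHits = covered(scriptPatterns);
  const hostHits = covered(hostPatterns);
  if (scriptHits.length) findings.push({ rule: "content-script-on-ai-chat", hosts: scriptHits });
  if (hostHits.length) findings.push({ rule: "host-access-to-ai-chat", hosts: hostHits });
  if (perms.includes("tabs")) findings.push({ rule: "reads-open-tabs", hosts: [] });
  return findings;
}

// Constructed sample manifests (not the extensions from the article).
const SAMPLE_BROAD = {
  manifest_version: 3, name: "constructed-ai-sidebar",
  permissions: ["tabs", "storage"],
  host_permissions: ["https://*.deepseek.com/*"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["content.js"] }],
};
const SAMPLE_NARROW = {
  manifest_version: 3, name: "constructed-notes-helper",
  permissions: ["storage"], host_permissions: ["https://notes.example.org/*"],
};
console.log(JSON.stringify(auditManifest(SAMPLE_BROAD), null, 2));
```

A finding is a prompt for manual review, not proof of malice: many legitimate AI helpers need the same access, which is why the publisher and the extension's network behavior still have to be checked.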
Conclusion
Malicious AI Chrome extensions demonstrate how easily attackers can exploit trusted browser tools. By disguising themselves as helpful AI assistants, the extensions reached hundreds of thousands of users.
Once installed, the software intercepted AI chatbot conversations and browsing activity. That information was quietly sent to remote servers controlled by attackers.
The incident serves as a reminder that browser extensions can introduce serious security risks. Users and organizations must carefully review extension permissions and avoid installing unnecessary tools.

