When AI Tools Turn Against You: The Chrome Extension Privacy Breach Affecting 900,000 Users
In a stark reminder that convenience can come with a hidden cost, cybersecurity researchers recently uncovered a major privacy breach involving two malicious Google Chrome extensions that collectively had over 900,000 installations. These extensions were quietly collecting users’ private conversations with popular AI tools like OpenAI’s ChatGPT and DeepSeek, along with other sensitive browsing data and sending it to servers under the control of unknown threat actors.
What Happened?
The incident came to light in late December 2025, when researchers from OX Security discovered that two browser extensions available on the official Chrome Web Store were engaging in covert data exfiltration. Despite being marketed as useful AI productivity tools, the extensions “Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI” and “AI Sidebar with Deepseek, ChatGPT, Claude and more” contained hidden malicious capabilities.
Users were encouraged to install these add-ons with the promise of easy access to AI models directly from their browser. One of the extensions even carried Google’s “Featured” badge, which falsely suggested legitimacy and trustworthiness.
However, once installed, they requested broad permissions under the guise of “anonymous analytics.” In reality, these permissions enabled the extensions to monitor active browser tabs continuously, extract entire AI chatbot conversations, and collect full URLs of open tabs, session tokens, and other browsing metadata. Every 30 minutes, the harvested data was sent to remote command-and-control servers that the attackers controlled.
Why This Matters
The breach is significant not just because of the number of users affected, but because of the type of information exposed. AI chat conversations often contain deeply personal details: users may discuss health issues, legal problems, financial data, business strategies, proprietary code, passwords, account recovery information, or other sensitive subjects. In some cases, data stolen in incidents like this can fuel identity theft, corporate espionage, targeted phishing campaigns, or even blackmail.
Moreover, this breach highlights a broader ecosystem problem: malicious actors are exploiting the growing demand for AI tools by disguising malware as legitimate extensions. The tactic – sometimes referred to as “prompt poaching” – lures users with the promise of enhanced AI interaction while secretly capturing every interaction the user has with the service.
How It Got Past Chrome’s Defenses
The fact that one of the malicious extensions carried a “Featured” badge is particularly troubling. It suggests gaps in Google’s vetting and review processes – gaps that attackers can exploit by creating extensions that behave normally or legitimately in some respects while embedding stealthy data-stealing routines behind the scenes.
What You Should Do Now
If you use Chrome and have installed any AI-related extensions, particularly ones that offer sidebar AI chats or broad permissions to read website content:
- Immediately review your extensions and uninstall anything you don’t recognize or actively use.
- Check your browsing and AI service accounts for unusual logins or activity.
- Avoid third-party browser extensions for sensitive AI work – if possible, access services directly via official websites or apps.
Final Thoughts
This incident serves as a powerful wake-up call for both users and developers. As AI tools become more embedded in our daily lives, privacy and security cannot be afterthoughts. Trusting third-party software – especially extensions with deep access to your browser activity – without careful scrutiny can expose you to devastating data breaches. Staying informed and vigilant is the best defense in a world where even helpful-sounding tools can conceal harmful intentions
Sources
https://www.dataprise.com/resources/defense-digest/malicious-ai-chrome-extensions-data-exfiltration
https://www.esecurityplanet.com/threats/900000-users-hit-as-chrome-extensions-steal-ai-chat-data
https://www.truesec.com/hub/blog/chrome-extension-steal-chatgpt-and-deepseek-conversations