%20--%3e%3cdefs%3e%3cstyle%3e%20.st0%20{%20fill:%20%23061b40;%20}%20.st1%20{%20fill:%20%23306af1;%20}%20.st2%20{%20fill:%20%235ce5cf;%20}%20%3c/style%3e%3c/defs%3e%3cg%3e%3cpath%20class='st0'%20d='M55,10.5h9v3h-9v9h12V7.5h-12v3ZM64,19.5h-6v-3h6v3Z'/%3e%3cpolygon%20class='st0'%20points='69%2016.5%2078%2016.5%2078%2019.5%2069%2019.5%2069%2022.5%2081%2022.5%2081%2013.5%2072%2013.5%2072%2010.5%2081%2010.5%2081%207.5%2069%207.5%2069%2016.5'/%3e%3cpolygon%20class='st0'%20points='95%2010.5%2095%207.5%2083%207.5%2083%2022.5%2095%2022.5%2095%2019.5%2086%2019.5%2086%2016.5%2095%2016.5%2095%2013.5%2086%2013.5%2086%2010.5%2095%2010.5'/%3e%3cpath%20class='st0'%20d='M40,1.5v21h11.6l1.4-1.4v-7.6h0c0,0-1.4-1.5-1.4-1.5l1.4-1.4V2.9l-1.4-1.4h-11.6ZM50,19.5h-7v-6h7v6ZM50,10.5h-7v-6h7v6Z'/%3e%3c/g%3e%3cpath%20class='st1'%20d='M23.1,24L14.7,4.8l-4.9,11.2h3.8l-1.8,4H3.3L12.1,0H2C.9,0,0,.9,0,2v20c0,1.1.9,2,2,2h21.1Z'/%3e%3cpath%20class='st2'%20d='M34,0h-16.8l10.6,24h6.2c1.1,0,2-.9,2-2V2C36,.9,35.1,0,34,0ZM32.5,20h-4V4h4v16Z'/%3e%3c/svg%3e)
Recently, researchers at OX Security discovered that over 900,000 Chrome users have unknowingly exposed sensitive AI conversation content by installing malicious browser extensions disguised as legitimate productivity tools. This incident highlights how the trusted browser ecosystem can be subtly exploited to steal proprietary data, personal information, and corporate intelligence on a large scale.
Once installed, these malicious extensions request "anonymous, non-identifiable analytics data" to gain permission, but in reality, they silently extract the full content of ChatGPT and DeepSeek sessions in the background. Researchers pointed out that these extensions monitor user tab updates and page loads in real time through Chrome's API, allowing them to observe when users access AI platforms. When detecting a target page, the extension dynamically interacts with the web page's Document Object Model (DOM) to directly extract sensitive information from browsing sessions, including user input prompts, AI-generated responses, and metadata related to the session.
The stolen data is aggregated using unique identifiers, enabling attackers to link conversations across sessions and build detailed user profiles. Additionally, the extensions collect the full URLs of all open Chrome tabs, allowing attackers to understand users' browsing habits, internal applications, and potential sensitive enterprise resources.
To reduce the risks posed by AI browser extensions, enterprises need to implement multi-layered protective measures. First, they should immediately remove the malicious extensions and check endpoint data for affected users. Second, it is recommended to treat browser extensions as a controlled attack surface, implement a whitelist policy, and re-validate extensions when there are changes in permissions or ownership. In addition, enterprises can use endpoint and browser management tools to prevent unauthorized extension installations and apply Data Loss Prevention (DLP) controls to detect and restrict the exposure of sensitive data shared with AI platforms.
Key Points:
🌐 Over 900,000 Chrome users have leaked sensitive AI conversation content due to installing malicious extensions.
🔍 Malicious extensions exploit disguised permissions to monitor user activity and extract data to obtain complete session information.
🛡️ Enterprises need to take immediate protective measures to prevent browser extensions from becoming a risk for data theft.