Skip to main content

Nearly a Million Chrome Users Hit by Sneaky AI Chat Thieves

Malicious Extensions Hijack AI Conversations

Security researchers at OX Security have uncovered a disturbing trend affecting Chrome browser users worldwide. What appears to be innocent productivity tools are actually sophisticated data thieves, pilfering sensitive conversations from popular AI platforms like ChatGPT and DeepSeek.

How the Attack Works

The malicious extensions operate with frightening efficiency. After gaining installation approval by requesting seemingly harmless "analytics data" permissions, they spring into action whenever users visit AI chat services. Using Chrome's API capabilities, they monitor tab activity in real-time, waiting for the perfect moment to strike.

When detecting an active ChatGPT or DeepSeek session, these digital pickpockets employ clever technical maneuvers:

  • DOM manipulation to extract both user prompts and AI responses
  • Session tracking that links conversations across multiple visits
  • Complete URL logging that maps users' entire browsing habits

"This isn't just about reading chats," explains OX Security analyst Mark Reynolds. "Attackers are building comprehensive profiles that reveal workplace patterns, confidential projects, even personal interests."

The Scale of Exposure

The numbers tell a sobering story:

  • Over 900,000 confirmed installations of compromised extensions
  • Data funneled to unknown servers through encrypted channels
  • Potential access to corporate networks when business accounts are affected

The stolen information creates dangerous ripple effects beyond simple privacy violations. Competitors could gain trade secrets. Hackers might uncover password hints or security question answers buried in casual conversations.

Protecting Yourself and Your Organization

The threat demands immediate action:

  1. Audit your extensions - Remove any unfamiliar or unnecessary add-ons immediately
  2. Implement whitelisting - Only permit vetted extensions approved by IT teams
  3. Monitor data flows - Use endpoint protection tools to spot unusual activity
  4. Educate employees - Many breaches start with well-meaning staff installing "helpful" tools
  5. Consider DLP solutions - Data Loss Prevention software can block sensitive info from leaving your network

The OX Security team emphasizes that browser extensions represent one of today's most overlooked security vulnerabilities. "We trust these little tools," notes Reynolds, "but they often have frightening levels of access to our digital lives."

Key Points:

  • 🚨 Nearly a million Chrome users unknowingly installed chat-stealing extensions
  • 🔓 Malware captures complete conversation histories from AI platforms
  • 🏢 Corporate data at particular risk due to employee usage patterns
  • 🛡️ Whitelisting and employee education offer strongest protection

Enjoyed this article?

Subscribe to our newsletter for the latest AI news, product reviews, and project recommendations delivered to your inbox weekly.

Weekly digestFree foreverUnsubscribe anytime

Related Articles

Firefox Fights Back: New Version Lets Users Block AI Features With One Click
News

Firefox Fights Back: New Version Lets Users Block AI Features With One Click

In a bold move against the AI integration trend, Mozilla's Firefox 148 introduces an 'AI kill switch' giving users full control. The update also fixes productivity bugs and expands translation features, while marking the end of support for older Windows systems. It's a refreshing stance in today's AI-dominated browser wars.

February 24, 2026
FirefoxBrowser TechnologyAI Privacy
News

Popular Chrome AI Extensions Caught Secretly Harvesting User Data

A startling investigation reveals more than half of Chrome's AI-powered extensions are collecting user data without full transparency. Programming assistants and transcription tools top the list of privacy offenders, with household names like Grammarly and Quillbot raising eyebrows. Experts warn users to scrutinize permission requests before installing these productivity boosters.

February 5, 2026
Browser SecurityAI PrivacyData Protection
Firefox 148 Puts AI Control Back in Your Hands
News

Firefox 148 Puts AI Control Back in Your Hands

Mozilla's Firefox 148 introduces groundbreaking AI features while prioritizing user choice. Unlike competitors forcing AI integration, Firefox offers a simple toggle to disable all artificial intelligence functions. The update brings smart browsing assistants from major providers, productivity tools, and enhanced privacy protections - all optional. Set for February 24 release, this move reinforces Firefox's commitment to putting users first in the AI revolution.

February 4, 2026
FirefoxAI PrivacyBrowser Technology
Major Security Flaw Leaves Thousands of AI Accounts Vulnerable
News

Major Security Flaw Leaves Thousands of AI Accounts Vulnerable

A shocking discovery has exposed sensitive data belonging to nearly 150,000 AI accounts on Moltbook, a platform often called 'AI Reddit.' Security researcher Jameson O'Reilly found the platform's entire database was publicly accessible due to a basic configuration error. This breach could allow attackers to hijack AI accounts, including influential ones with millions of followers. The incident highlights growing concerns about security shortcuts in AI development.

February 2, 2026
CybersecurityArtificial IntelligenceData Breach
Major Security Flaws Found in Popular AI Platforms
News

Major Security Flaws Found in Popular AI Platforms

Security researchers have uncovered alarming vulnerabilities in OpenClaw and Moltbook, two widely used AI platforms. Tests reveal shockingly easy access to sensitive data, with prompt injection attacks succeeding 91% of the time. Experts warn these flaws could allow hackers to impersonate high-profile users and steal critical information.

February 2, 2026
AI SecurityData BreachCybersecurity
ChatGPT's Temporary Chats Get Smarter While Keeping Secrets
News

ChatGPT's Temporary Chats Get Smarter While Keeping Secrets

OpenAI has upgraded ChatGPT's Temporary Chat feature to remember user preferences without storing conversation history. This breakthrough balances personalization with privacy, letting users maintain their style while keeping sensitive chats truly temporary. Alongside this update, OpenAI introduced an age prediction model to filter content for younger users.

January 26, 2026
ChatGPTAI PrivacyOpenAI Updates

Popular Articles

1

TSMC Reports Record Revenue, AI Growth Fuels Optimism for 2025

News2

Anthropic Bolsters AI Safety with Humanloop Team Acquisition

News3

OpenAI Unveils Sora 2 Video Model and Social App

News4

Plaud AI Pro Launches with 30-Hour Battery and Smart Screen

News5

SoulX-Podcast AI Model Revolutionizes Long-Form Voice Generation

News