Chrome Extensions Steal Chats from 900,000 Users
Researchers have uncovered two malicious Chrome extensions with over 900,000 users that steal ChatGPT and DeepSeek chat conversations along with browsing data, sending this information to remote servers. These extensions impersonate legitimate tools, request permissions under false pretenses, and exfiltrate sensitive data, posing significant privacy and security risks. The discovery highlights the growing threat of prompt poaching and the need for users to be cautious about extension permissions and sources.