Researchers have uncovered two malicious Chrome extensions with over 900,000 users that steal ChatGPT and DeepSeek chat conversations along with browsing data, sending this information to remote servers. These extensions impersonate legitimate tools, request permissions under false pretenses, and exfiltrate sensitive data, posing significant privacy and security risks. The discovery highlights the growing threat of prompt poaching and the need for users to be cautious about extension permissions and sources.
Google has removed 32 malicious extensions from the Chrome Web Store that had a collective download count of 75 million. The extensions could alter search results and push spam or unwanted ads. Cybersecurity researcher Wladimir Palant discovered that the extensions featured legitimate functionality to keep users unaware of the malicious behavior that came in obfuscated code to deliver the payloads. Avast reported the extensions to Google after confirming their malicious nature, and expanded the list to 32 entries. The extensions were adware that hijacked search results to display sponsored links and paid results, sometimes even serving malicious links.
