Cybersecurity researchers have unearthed two browser extensions on the Chrome Web Store that threaten user privacy. The malicious extensions, employed to collect sensitive information from users’ browser activities and conversations on platforms like OpenAI’s ChatGPT and DeepSeek, have already accumulated over 900,000 installs. These extensions demonstrate the growing risks associated with the use of third-party browser tools and their potential exploitation by cybercriminals.
Identified Chrome Extensions and Their Reach
The cybersecurity community has identified “Chat GPT for Chrome with GPT-5” and “Claude Sonnet & DeepSeek AI” as the malicious extensions. These invasive tools have been identified as collecting data from conversations carried out on ChatGPT and DeepSeek, alongside users’ broader browsing habits. The consequences of such surveillance could include unauthorized access to sensitive information such as personal discussions or business transactions, which these platforms facilitate.
Mechanism of Data Exfiltration
The extensions operate by intercepting web traffic generated during users’ interactions with ChatGPT and DeepSeek, collecting and funneling these conversations and browsing information to external servers controlled by the attackers. This data is then potentially used for malicious purposes or sold on data black markets. Analysis suggests that exploiting browser extensions provides a covert method for surveillance and data gathering, bypassing more traditional cybersecurity defenses.
User Impact and Responsibility
With a cumulative user base exceeding 900,000, the reach of these extensions is significant. Users may unknowingly expose themselves to considerable privacy risks by installing such extensions. This situation calls for heightened awareness among users about the permissions they grant to browser extensions and the potential security risks associated with them. It emphasizes the obligation of software platform providers to enhance their vetting processes to prevent nefarious extensions from reaching users.
Proactive Steps for Cybersecurity Enhancement
Addressing such vulnerabilities requires a multi-faceted approach:
- Regular audits of extension permissions to ensure compliance with privacy standards.
- Educating users on identifying and reporting suspicious extensions.
- Strengthening platform policies to screen and approve extensions before public availability.
Understanding the threats posed by malicious browser extensions is crucial for protecting sensitive information. Users and developers must remain vigilant, as threat actors increasingly target platforms with substantial user bases. Safeguarding digital interactions and maintaining robust cybersecurity practices are non-negotiable in mitigating these risks.
