Managing browser extension exploits

Writing in 2026 about browser extension exploitation is like watching an old dog perform new tricks: familiar mechanics, but refined, faster, and more effective than before. 

 

A newly uncovered malware campaign abusing Google Chrome extensions has highlighted a growing and often underestimated enterprise risk: browser extensions as a stealthy data-exfiltration channel. According to recent reporting, nearly a million users may have been affected, with attackers using malicious or hijacked extensions to siphon off chat logs and other sensitive browser-based communications.

 

While browser extensions are widely trusted as productivity tools, this campaign underscores a hard truth for security teams: extensions operate with powerful privileges, often outside traditional endpoint and network monitoring controls. When abused, they provide attackers with direct, persistent access to some of the most sensitive data users interact with daily. 

 

What are browser extensions?

Browser extensions are small software add-ons designed to extend the functionality of web browsers, enabling features such as password management, ad blocking, translation, accessibility support, developer tooling, and workflow automation. Since their introduction in the early 2000s, they have become enormously popular because they integrate directly into users’ daily browsing experience and require little effort to install or maintain.

 

Over time, extensions evolved from simple interface enhancements into powerful, scriptable components with deep access to web content, cookies, form inputs, and authenticated user sessions. That same flexibility that makes them valuable productivity tools also places them in an ambiguous position from a security perspective, as extensions often operate with extensive privileges but without the visibility or controls typically applied to traditional applications.

 

This risk has materialised repeatedly in dozens of real-world incidents. In 2018, a malicious update to a widely used accessibility extension injected cryptomining code into thousands of governments and public-sector websites, including major UK public institutions. More recently, security teams have documented campaigns involving malicious or hijacked extensions designed to steal credentials, session cookies, and chat content from cloud productivity suites and web-based messaging platforms.

 

Taken together, these cases reveal a consistent pattern: browser extensions are frequently abused as trusted supply-chain components, transforming everyday convenience tools into stealthy, high-impact attack vectors. 

 

What happened this time?

OX Security researchers discovered 2 popular Chrome extensions called “Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI”, and “AI Sidebar with Deepseek, ChatGPT, Claude, and more” with collectively a little less than 1 million users and one of them is also with a Google Chrome Featured badge.

 

The researchers discovered that these Chrome extensions intercept ChatGPT and DeepSeek conversations and data as well as search engine data and exfiltrate it to a C2 server controlled by the hackers.

 

The Chrome extensions sit in a uniquely privileged position within the browser. Once installed, they can read and modify content on web pages, access browser storage, monitor user activity, and communicate externally. All these actions happen without the friction typically associated with malware installation.

 

Attackers exploit this in several ways: 

1. Malicious extensions disguised as legitimate tools. Threat actors publish extensions that appear benign (such as AI helpers, productivity boosters, or security utilities) but contain hidden data-harvesting logic. Once installed, these extensions quietly collect chat content from platforms like web-based messengers, collaboration tools, or social networks.
2. Supply-chain hijacking of trusted extensions. In more sophisticated cases, attackers compromise an already-popular extension through stolen developer credentials or a poisoned update. Because the extension is already trusted and widely deployed, the malicious update spreads rapidly and silently.
3. Over-permissioned extension models. Many legitimate extensions request far broader permissions than strictly necessary. This creates fertile ground for abuse if the extension is later compromised or repurposed, enabling access to chat windows, form inputs, cookies, and session data. 

What makes this especially dangerous is that the activity often blends in with normal browser behaviour. From the user’s perspective, nothing appears wrong. No pop-ups, crashes, or suspicious prompts. 

 

Why AI chat logs are such a valuable target?

AI Chat logs are a goldmine for attackers. Beyond personal conversations, enterprise chat platforms frequently contain: 

• Credentials and API keys
• Password reset links and MFA prompts
• Sensitive business logic or data
• Customer data and internal incident details
• Links to internal tools and cloud resources 

Today, AI chat applications are widely used by everyone for everyday practices from personal to business purposes. In addition, AI chat systems are often less regulated, less logged, and less monitored. When attackers gain silent read access, they can build long-term intelligence profiles without triggering obvious alarms.

 

How organisations can identify the risk

The biggest challenge for defenders is visibility. Many organisations have strong endpoint protection, but little insight into browser extension behaviour. To identify exposure, security teams should focus on several key areas: 

1. Disabling browser extensions. While this is a possibility, but rarely practical. Modern workflows rely heavily on extensions for password management, accessibility, development, security tooling, and productivity.
2. Using safe browsers. Enterprise browsers were designed specifically to close the visibility and control gaps that exist in consumer browsers. Rather than relying solely on endpoint agents or network controls, these browsers embed security enforcement directly into the browsing environment itself - where extensions actually execute.
3. Extension inventory and provenance. Organisations should maintain a clear inventory of installed browser extensions across managed devices. Known malicious, unknown, rarely used, or newly installed extensions (especially those requesting broad permissions) deserve immediate scrutiny.
4. Permission analysis. Extensions that can “read and change all data on all websites” or access browser storage should be treated as high risk. Excessive permissions are not inherently malicious, but they dramatically increase blast radius.
5. Network egress monitoring. While extension traffic often uses HTTPS, unusual outbound connections — particularly to newly registered or low-reputation domains — can be an indicator of exfiltration.
6. Behavioural anomalies. Sudden spikes in browser-originated outbound traffic, especially when users are idle, may point to background data harvesting.
7. Threat intelligence correlation. Many malicious extensions reuse infrastructure, code patterns, or monetisation tactics seen in prior campaigns. Integrating threat intelligence into browser risk assessments can help surface these links earlier. 

 

What security teams can do to reduce the risk

Preventing browser-based data theft requires shifting mindset. Browsers should be treated as security-critical execution environments, not just user interfaces.

 

Key defensive steps include: 

1. Restrict extension installation by default. Enterprises should move from “allow all” to “allow by policy.” Approved extension allowlists significantly reduce exposure without blocking productivity.
2. Enforce least-privilege extension permissions. Where possible, mandate extensions that request minimal permissions. Regularly review updates that expand permission scope.
3. Centralised browser management. Managed browser configurations allow security teams to control extension usage, disable risky APIs, and rapidly respond to emerging threats.
4. User education. Users should understand that extensions are effectively small applications with deep access. Framing this as a shared security responsibility improves reporting and compliance.
5. Incident response playbooks for browser compromise. Many IR plans focus on endpoints and servers but lack guidance for browser-level incidents. Playbooks should include extension removal, session invalidation, credential rotation, and chat-platform review. 

A broader lesson for defenders

This campaign is not an isolated anomaly. It’s part of a broader trend where attackers target trusted layers of the software ecosystem rather than exploiting low-level vulnerabilities. As browsers continue to absorb more business-critical workflows, they become high-value targets by default.

 

For security teams, the lesson is clear: if it can access sensitive data, it must be monitored, governed, and defended accordingly. Browser extensions may feel small, but at scale, they represent one of the quietest and most effective data-exfiltration paths attackers currently have.

 

---

 

Assaf Morag is a cyber-security researcher at Flare

 

Main image courtesy of iStockPhoto.com and brightstars