Popular Chrome Browser Extension Found Intercepting Millions of Users’ AI Conversations
Security researchers discovered that a widely installed Chrome extension was capturing and transmitting AI chat data without clear user awareness.

Discovery of the Data Interception
Security researchers recently uncovered a serious privacy issue involving a featured Chrome browser extension. The extension, widely promoted for productivity and AI-related enhancements, had a user base in the millions. As a result, a large volume of AI chat conversations was exposed.
During analysis, researchers observed that the extension monitored interactions with popular AI chat platforms. Instead of limiting processing to the user’s device, it transmitted chat content to external servers. Consequently, sensitive prompts and AI-generated responses left the browser environment.
How the Extension Collected AI Chats
The extension injected scripts into web pages that hosted AI chat interfaces. Therefore, it could read user inputs and AI responses in real time. Each interaction triggered background network requests that sent the data to third-party endpoints.
Although the extension’s documentation mentioned data collection, it failed to explain the extent of AI chat interception. Moreover, it did not clearly describe how long the data remained stored or how it was protected. This lack of transparency raised significant concerns.
Privacy and Security Risks
AI chat conversations often contain confidential information. Users frequently share internal business data, credentials, and personal details. As a result, interception of these conversations creates serious privacy and compliance risks.
If attackers access the collected data, they could exploit it for account compromise, targeted phishing, or corporate espionage. Additionally, organizations using AI tools internally face elevated risk when employees install unvetted extensions.
What Users and Organizations Should Do
Security experts recommend reviewing all installed browser extensions immediately. Users should remove extensions that request broad permissions or lack clear privacy disclosures. Furthermore, organizations should restrict extension installation through endpoint and browser management policies.
Users should also favor extensions from trusted vendors only. At the same time, developers must adopt transparent data-handling practices. Without these changes, browser extensions will continue to pose hidden security risks.
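One way to carry out the extension review recommended above, as an added example that is not part of the original article: a Python audit of extension manifests that flags broad host access and content scripts declared for AI chat pages. The host watchlist, the sample manifest and the function names are assumptions chosen for illustration; the article names no specific platforms.

```python
import json
from pathlib import Path

# Assumed watchlist of AI chat hosts; the article does not name any platform.
AI_CHAT_HOSTS = ("chatgpt.com", "claude.ai", "gemini.google.com")
# Constructed manifest for demonstration, not taken from any real extension.
SAMPLE = {
    "permissions": ["storage", "tabs"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["https://*.claude.ai/*", "https://news.example/*"],
                         "js": ["hook.js"]}],
}

def pattern_covers(pattern: str, host: str) -> bool:
    """True if a Chrome match pattern can apply to web pages on `host`."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("*", "http", "https"):
        return False  # API permission name ("tabs") or a non-web scheme
    pat_host = rest.split("/", 1)[0]
    if pat_host.startswith("*."):  # wildcard covers the domain and its subdomains
        return host == pat_host[2:] or host.endswith(pat_host[1:])
    return pat_host in ("*", host)

def audit_manifest(manifest: dict) -> list[str]:
    """Return findings on broad host access and script injection into AI chat sites."""
    findings = []
    # MV3 declares hosts in host_permissions; MV2 mixes them into permissions.
    granted = [p for key in ("host_permissions", "optional_host_permissions", "permissions")
               for p in manifest.get(key, []) if isinstance(p, str)]
    # A pattern that covers an arbitrary, unrelated host grants access to every site.
    findings += [f"broad host access: {p}" for p in granted
                 if pattern_covers(p, "sentinel.invalid")]
    for script in manifest.get("content_scripts", []):
        for p in script.get("matches", []):
            hit = [h for h in AI_CHAT_HOSTS if pattern_covers(p, h)]
            if hit:
                findings.append(f"content script on {', '.join(hit)} via {p}")
    return findings

def audit_profile(extensions_dir: Path) -> dict[str, list[str]]:
    """Audit each <id>/<version>/manifest.json under a profile's Extensions folder."""
    report = {}
    for path in sorted(extensions_dir.glob("*/*/manifest.json")):
        try:
            findings = audit_manifest(json.loads(path.read_text(encoding="utf-8-sig")))
        except ValueError:  # malformed JSON or undecodable bytes: review by hand
            findings = ["unparseable manifest"]
        if findings:
            report[path.parent.parent.name] = findings
    return report
```

Point `audit_profile` at a Chrome profile's `Extensions` directory to get findings keyed by extension ID. Treat the result as a first pass, since an extension holding broad host access can also inject scripts at runtime without declaring them under `content_scripts`.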