Researchers have uncovered two malicious Chrome extensions that harvest conversations with generative chatbots and send the data to their developers. The tools, discovered by OX Security and reported by CyberInsider, mimic a legitimate extension called AITOPIA and have accumulated almost one million downloads in total.
Chrome extensions spy on chatbot conversations
The extensions, named “Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI” and “AI Sidebar with Deepseek, ChatGPT, Claude and much more”, intercept user messages sent to chatbots such as ChatGPT and DeepSeek. According to OX Security’s analysis, the malicious code collects the contents of these conversations and transmits them to the developers every 30 minutes. The tools may also monitor the content of all open tabs in the browser.
Security analysts say the threats are relatively sophisticated. Each installation generates a unique token that can identify a particular user. That allows attackers to build profiles and carry out targeted scams or spearphishing campaigns.
Perhaps most concerning is that both extensions currently display the Chrome Web Store “Featured” badge. That designation is typically awarded to extensions that meet Google’s recommended practices. OX Security notified Google of the issue on 29 December and Google said it was evaluating the report. At the time of publication the extensions remained available for download.
The campaign appears to capitalise on the popularity of browser tools that provide quick access to multiple generative AI chatbots. By imitating AITOPIA, which offers legitimate integration with several services, the malicious extensions increased their chances of being installed by unsuspecting users.
What users should do now
If you have installed either extension, remove it from Chrome immediately (chrome://extensions lists everything installed, with a Remove button for each entry). After removal, clear your browser's cache and site data, change the passwords of any accounts you accessed while the extension was installed, and watch those accounts for unusual activity. Because the extensions harvested chatbot conversations, treat anything you pasted into a chat during that period, such as API keys, credentials, internal documents or customer data, as disclosed, and rotate or escalate accordingly. Enable two-factor authentication on critical accounts, and be cautious about unsolicited messages that reference personal details, since harvested conversations give attackers exactly the material a convincing spearphishing lure needs.
When installing browser extensions, prefer those published by known developers, review the permissions an extension requests before accepting them (a chatbot sidebar rarely needs to read every site you visit), and check recent reviews and update history. A high download count or a Featured badge is not a guarantee of safety. Security professionals recommend running extensions with the least privileges necessary and periodically auditing installed add-ons.
Broader implications for privacy and trust
This episode highlights the risk that browser extensions can pose to privacy, especially as conversational AI becomes more embedded in everyday workflows. Enterprises that allow browser extensions on corporate machines should enforce a default-deny extension policy and allowlist only a reviewed set of trusted tools.
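As an added example serving both the auditing advice above and the enterprise allowlisting recommendation (illustrative code written for this page, not anything from OX Security, CyberInsider or Google; the extension IDs, names and manifests are constructed, and the risk thresholds are this example's own assumption), the JavaScript below checks extension manifests for the permission combinations that make conversation harvesting possible and turns the verdicts into the value of Chrome's ExtensionSettings enterprise policy:

```javascript
// Added example, not code from the original article, OX Security, CyberInsider
// or Google. Audits extension manifests for over-broad permissions and turns
// the verdict into a Chrome "ExtensionSettings" enterprise policy value.
// All IDs, names and manifests below are constructed for illustration.

// Permissions that let an extension observe or alter activity across sites.
// "tabs" alone exposes the URL and title of every open tab; with a broad host
// permission or an all-sites content script the page text is readable too.
const RISKY_PERMISSIONS = new Set([
  "tabs", "scripting", "webRequest", "webRequestBlocking", "cookies",
  "webNavigation", "history", "clipboardRead", "declarativeNetRequest",
]);

// Match patterns that cover every site.
const BROAD_HOST_RE = /^(<all_urls>|\*:\/\/\*\/\*|https?:\/\/\*\/\*)$/;
const isBroadHost = (pattern) => BROAD_HOST_RE.test(pattern);

// Host patterns regardless of manifest version: MV2 mixes hosts into
// "permissions", MV3 moves them to "host_permissions".
function hostPatterns(manifest) {
  const fromPermissions = (manifest.permissions || [])
    .filter((p) => p === "<all_urls>" || p.includes("://"));
  return [...fromPermissions, ...(manifest.host_permissions || [])];
}

// Returns { verdict, findings } where verdict is "allow", "review" or "remove".
// The thresholds are an assumption of this example, not a Chrome rule.
function auditManifest(manifest) {
  const findings = [];
  const perms = new Set(manifest.permissions || []);
  for (const p of perms) if (RISKY_PERMISSIONS.has(p)) findings.push(`permission:${p}`);

  const broadHosts = hostPatterns(manifest).filter(isBroadHost);
  if (broadHosts.length) findings.push(`host:${broadHosts[0]}`);

  // A content script matched on every site runs inside every page the user
  // opens, chatbot pages included, whatever the extension claims to be for.
  const allSitesContent = (manifest.content_scripts || [])
    .some((cs) => (cs.matches || []).some(isBroadHost));
  if (allSitesContent) findings.push("content_script:all-sites");

  // A timer by itself is harmless; paired with page access it is the shape a
  // periodic phone-home takes, so it counts only in combination.
  const pageAccess = broadHosts.length > 0 || allSitesContent;
  if (perms.has("alarms") && pageAccess) findings.push("alarms+page-access");

  let verdict = "allow";
  if (pageAccess && (perms.has("tabs") || perms.has("scripting") || allSitesContent)) verdict = "remove";
  else if (findings.length) verdict = "review";
  return { verdict, findings };
}

// Chrome extension IDs are 32 characters drawn from a-p.
const EXTENSION_ID_RE = /^[a-p]{32}$/;

// Builds the "ExtensionSettings" policy value: block everything by default,
// allow approved IDs, and mark flagged IDs "removed" so Chrome uninstalls
// them on managed machines. Anything merely under review stays blocked.
function buildExtensionSettings(audited) {
  const policy = { "*": { installation_mode: "blocked" } };
  for (const { id, verdict } of audited) {
    if (!EXTENSION_ID_RE.test(id)) throw new Error(`invalid extension id: ${id}`);
    if (verdict === "allow") policy[id] = { installation_mode: "allowed" };
    else if (verdict === "remove") policy[id] = { installation_mode: "removed" };
  }
  return policy;
}

function auditAll(entries) {
  return entries.map(({ id, manifest }) => ({ id, name: manifest.name, ...auditManifest(manifest) }));
}

// Constructed inventory: one over-privileged "sidebar" and one minimal one.
const SAMPLE_EXTENSIONS = [
  { id: "abcdefghijklmnopabcdefghijklmnop", manifest: {
      name: "Constructed: AI sidebar clone", manifest_version: 3,
      permissions: ["tabs", "storage", "alarms", "scripting"],
      host_permissions: ["<all_urls>"],
      content_scripts: [{ matches: ["<all_urls>"], js: ["content.js"] }] } },
  { id: "ponmlkjihgfedcbaponmlkjihgfedcba", manifest: {
      name: "Constructed: minimal sidebar", manifest_version: 3,
      permissions: ["storage", "sidePanel"],
      host_permissions: ["https://chatgpt.com/*", "https://chat.deepseek.com/*"] } },
];

const AUDIT = auditAll(SAMPLE_EXTENSIONS);
const POLICY = buildExtensionSettings(AUDIT);
console.log(JSON.stringify({ audit: AUDIT, ExtensionSettings: POLICY }, null, 2));
```

Run it with node; on a real machine the manifests to feed in sit under the Chrome profile's Extensions directory, one folder per extension ID, and the object it prints is what you would set as the ExtensionSettings policy through GPO, the Google Admin console or a managed-preferences file. A manifest audit catches over-broad permissions, not malicious code hiding behind permissions an extension legitimately needs, so it complements rather than replaces a review of the extension's code and network behaviour.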
OX Security’s disclosure and Google’s review are steps toward containment. Still, the incident serves as a reminder that users must remain vigilant about what they grant access to and that security teams should treat extensions as a potential attack vector.
For now, the immediate actions are straightforward. Remove suspicious extensions, clear browsing data, update passwords and report any unusual activity. Those measures will reduce exposure while platform providers investigate and remove the offending extensions from the store.
Key Takeaways:
- Two malicious Chrome extensions impersonating a legitimate tool have nearly one million combined downloads.
- Extensions collect and transmit users’ chatbot conversations and monitor open tabs without consent.
- OX Security reported the threats to Google on 29 December and the extensions still appear in the Chrome Web Store.
- Users should remove the extensions, clear browser data and avoid unknown developers even if an extension is “Featured”.