Chrome Extensions Exfiltrate 900K Users' Conversations
OX Security researchers on Jan. 7, 2026, discovered two rogue Chrome extensions that have compromised over 900,000 users by exfiltrating ChatGPT and DeepSeek conversations and full browsing histories to attacker servers. The malware impersonated the legitimate AITOPIA AI sidebar, and one fake extension even earned Google's "Featured" badge. The report highlights significant privacy exposure and potential deficiencies in Chrome Web Store vetting processes.
Key Points
- 1Exfiltrate: Two Chrome extensions stole ChatGPT and DeepSeek conversations from over 900,000 users.
- 2Impersonate: Malware mimicked AITOPIA AI sidebar; one fake earned Google's 'Featured' badge.
- 3Implication: Attackers received full browsing histories, exposing sensitive context and privacy across accounts.
Scoring Rationale
Official OX Security finding with large-scale user exposure and clear privacy impact, offering verifiable evidence and urgent remediation needs.
Sources
Public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems