Chrome Extensions Steal ChatGPT Session Tokens

Security researchers at LayerX have uncovered 16 malicious Chrome extensions masquerading as ChatGPT productivity tools that steal users' authentication tokens and hijack sessions. The extensions, still listed on the Chrome Web Store at discovery, have about 900 combined downloads and exfiltrate session tokens to attacker-controlled servers. Users should remove suspicious ChatGPT extensions, change OpenAI passwords, and audit connected services immediately.