Chrome Extensions Steal Users' API Keys

LayerX Security reported this week that 32 malicious Chrome extensions installed by at least 260,000 users purport to be AI assistants but exfiltrate API keys, email messages, and other personal data. They all contact infrastructure under the tapnetic.pro domain, impersonate chatbots like ChatGPT and Gemini, and many remain available on the Chrome Web Store, creating broad data-exfiltration risk.