Browser extensions with more than 8 million installs are harvesting users’ complete and extended AI conversations and selling them for marketing purposes, according to data collected from the Google and Microsoft pages hosting them.

Security firm Koi discovered the eight extensions, which as of late Tuesday night remained available in both Google’s and Microsoft’s extension stores. Seven of them carry “Featured” badges, which are endorsements meant to signal that the companies have determined the extensions meet their quality standards. The free extensions provide functions such as VPN routing to safeguard online privacy and ad blocking for ad-free browsing. All provide assurances that user data remains anonymous and isn’t shared for purposes other than their described use.

A gold mine for marketers and data brokers

An examination of the extensions’ underlying code tells a much more complicated story. Each contains eight of what Koi calls “executor” scripts, with each being unique for ChatGPT, Claude, Gemini, and five other leading AI chat platforms. The scripts are injected into webpages any time the user visits one of these platforms. From there, the scripts override browsers’ built-in functions for making network requests and receiving responses.

Read full article

Comments

© Getty Images

A Chrome browser extension with 6 million users, as well as seven other Chrome and Edge extensions, for months have been silently collecting data from every AI chatbot conversion, packaging it, and then selling it to third parties like advertisers and data brokers, according to Koi Security.

The post Google Chrome Extension is Intercepting Millions of Users’ AI Chats appeared first on Security Boulevard.

A threat group dubbed ShadyPanda exploited traditional extension processes in browser marketplaces by uploading legitimate extensions and then quietly weaponization them with malicious updates, infecting 4.3 million Chrome and Edge users with RCE malware and spyware.

The post ShadyPanda’s Years-Long Browser Hack Infected 4.3 Million Users appeared first on Security Boulevard.

EmanRTM asks the British public some general knowledge questions: What is the past tense for 'choose'?, What is the length of a 40 ft container?, What is your older brothers father to you?