What happened
Two Chrome extensions were caught stealing ChatGPT and DeepSeek chats from over 900,000 users. Researchers at PrismSec discovered that extensions “ChatEnhancer” and “DeepSeek Plus” exfiltrated conversation data to attacker-controlled servers. The malicious code harvested prompts, responses, and metadata from browser sessions, sending the information via HTTPS POST requests. Both extensions were downloaded through the Chrome Web Store and appeared legitimate. Exploitation exposed AI interaction logs, which could reveal sensitive business, personal, or research information.
Who is affected
End users of the Chrome extensions, including AI practitioners, businesses, and individuals, faced direct data exfiltration and potential secondary compromise.
Why CISOs should care
Browser extension compromise risks data leakage, intellectual property theft, and privacy violations, especially for enterprises using AI tools in workflows.
3 practical actions
Remove malicious extensions: Audit and uninstall risky browser extensions immediately.
Monitor sensitive AI interactions: Track unusual access or export of ChatGPT or DeepSeek data.
Educate employees: Raise awareness about extension risks and secure installation practices.