Cybersecurity researchers have newly discovered two malicious Chrome extensions designed explicitly to exfiltrate OpenAI ChatGPT and DeepSeek conversation histories, along with browsing data, to attacker-controlled servers. It was determined that these two extensions collectively had been installed by over 900,000 users.
This incident highlights the crucial importance of client-side security in the modern era of rapidly growing AI chat service usage. The stolen conversation logs are highly likely to contain corporate confidential information handled by users during work, personal financial details, or prompts related to ongoing development projects, presenting a significant risk of misuse.
As Web3.0 security specialists, we cannot overlook how the leakage of such sensitive data indirectly impacts asset protection. Information stolen this way allows for more sophisticated and personalized Phishing Scams and social engineering attacks. Specifically, if a user inquired with the AI regarding their wallet information or Seed Phrases, the situation could escalate into a direct threat to their digital assets.
Users must rigorously verify the credibility of the provider and the permissions requested by extensions before installation from the Chrome Web Store. It is essential to reaffirm that browser security serves as the first line of defense for protecting digital assets.
コメント