A critical cybersecurity incident highlights the growing risks associated with third-party browser extensions. Researchers have uncovered two highly popular, yet malicious, extensions on the Chrome Web Store that collectively amassed over 900,000 installations. These tools, including one partially named “Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI,” were explicitly designed to steal user conversations from major AI platforms—specifically OpenAI’s ChatGPT and DeepSeek—alongside general browsing activity. All stolen data was immediately transmitted to servers controlled by the attackers. For the Web3 community, this breach serves as a severe warning. Users often discuss sensitive topics with AI, such as smart contract analysis, trading strategies, or technical debugging related to private keys and wallets. The unauthorized exfiltration of such context poses a direct threat to digital asset security and privacy. We strongly advise adhering to the principle of least privilege, minimizing the installation of non-essential extensions, and double-checking the permissions requested by any AI-related browser add-ons.
Source: Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users
コメント