Malicious Chrome Extensions Steal ChatGPT and DeepSeek Chats from Over 900,000 Users

Cybersecurity researchers recently uncovered two malicious extensions on the Chrome Web Store that had collectively amassed over 900,000 users. These extensions were meticulously designed to exfiltrate highly sensitive AI chat history—specifically conversations from OpenAI ChatGPT and DeepSeek—along with general browsing data, routing them to servers controlled by the attackers. This incident represents a serious case illustrating how the powerful permissions granted to browser extensions can severely compromise digital privacy. One of the extensions identified was titled “Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI,” which enjoyed high popularity. While browser extensions offer significant utility, when exploited by malicious actors, they become potent information-gathering tools. Users must rigorously review the access permissions they grant to any extension and remain vigilant for suspicious behavior. Data leakage through this type of malware, especially if it involves sensitive information or credentials, could ultimately lead to significant security vulnerabilities.