Two Chrome extensions exfiltrated ChatGPT and DeepSeek conversations from 900,000 users

In a technical analysis, OX Security researchers found two malicious Chrome extensions on the Chrome Web Store that exfiltrate ChatGPT and DeepSeek conversations and all open tab URLs every 30 minutes. The extensions had a combined 900,000 users.

KEY FACTS

  • Incident: Two Chrome extensions captured AI chat text and tab URLs
  • Extensions: “Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI” and “AI Sidebar with Deepseek, ChatGPT, Claude, and more.”
  • Users: Combined installations about 900,000
  • Exfiltration: Data sent to external servers on a 30-minute schedule

The two add-ons include one with about 600,000 users and another with about 300,000 users. One extension lost a Featured badge, but both were available on the store at the time of the analysis.

The extensions request permission for “anonymous, non identifiable analytics”, then harvest chat content by locating specific DOM elements on AI chat pages. Captured messages are stored locally and later transmitted to domains such as chatsaigpt.com and deepaichats.com. Some infrastructure components and privacy pages are hosted via third-party web platforms.

Because the add-ons impersonate a legitimate AI chat aggregator extension, they can reach large user counts before detection. The report links the behavior to broad data collection that can include prompts, conversation outputs and internal URLs, creating exposure of confidential material.

Users are advised to remove suspicious extensions, avoid installing add-ons from unknown publishers and not enter sensitive data into web chat tools when a risky extension is installed. It is unclear whether the extensions violate specific store rules or how long data has been collected.

WHY IT MATTERS

Exposed AI chat conversations and browsing activity can reveal business secrets, personal information and internal URLs. Organizations and individuals should audit installed browser extensions and remove any that request broad data access.
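
One way to carry out that audit on a single machine, as an added example rather than code from the article or from OX Security: the script walks a Chrome profile's `Extensions` directory (layout `<extension id>/<version>/manifest.json`), flags broad host access and the `tabs` permission, and searches every bundled file for the two domains named above. The sample extension IDs, names and file contents are constructed.

```python
import json
import tempfile
from pathlib import Path

# Domains the article names as exfiltration endpoints.
IOC_DOMAINS = ("chatsaigpt.com", "deepaichats.com")
# Match patterns that grant access to every page, AI chat tabs included.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_extensions(root):
    """Scan <root>/<extension id>/<version>/manifest.json; return flagged extensions."""
    findings = []
    for manifest in sorted(Path(root).glob("*/*/manifest.json")):
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            perms = {p for p in data.get("permissions", []) if isinstance(p, str)}
            hosts = perms | set(data.get("host_permissions", []))
            for script in data.get("content_scripts", []):
                hosts |= set(script.get("matches", []))
            blobs = [f.read_bytes() for f in manifest.parent.rglob("*") if f.is_file()]
        except (OSError, ValueError, AttributeError, TypeError):
            continue  # unreadable or malformed extension directory: skip it
        reasons = []
        if hosts & BROAD_HOSTS:
            reasons.append("broad host access")
        if "tabs" in perms:
            reasons.append("tabs permission")
        for domain in IOC_DOMAINS:
            if any(domain.encode() in blob for blob in blobs):
                reasons.append(f"references {domain}")
        if reasons:
            findings.append({"id": manifest.parent.parent.name,
                             "name": data.get("name", "?"), "reasons": reasons})
    return findings

def build_sample(root):
    """Constructed sample tree: one extension that is flagged, one that is not."""
    bad = {"name": "Sample sidebar", "permissions": ["tabs"], "host_permissions": ["<all_urls>"]}
    samples = {"aaaaexampleid": (bad, "const endpoint = 'https://deepaichats.com';"),
               "bbbbexampleid": ({"name": "Sample notes", "permissions": ["storage"]}, "")}
    for ext_id, (manifest, script) in samples.items():
        ext_dir = Path(root) / ext_id / "1.0_0"
        ext_dir.mkdir(parents=True)
        (ext_dir / "manifest.json").write_text(json.dumps(manifest))
        (ext_dir / "background.js").write_text(script)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit_extensions(tmp))
```

To scan a real profile, pass its `Extensions` directory to `audit_extensions`. A broad-permission hit alone is common among legitimate extensions and is a prompt for review, while a domain hit matches the indicators reported here.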