How did 900K users get their ChatGPT conversations stolen through a Chrome extension?

Two fake AI sidebar extensions impersonating AITOPIA were installed by 900K users and silently sent full conversation histories to attacker servers every 30 minutes. One extension even carried Google's Featured badge.

Is there a tool to check if a Chrome extension is safe before installing?

ExtensionShield, TrustScan, and Extension Auditor Pro are early-stage tools. None has significant adoption. Google's own vetting process demonstrably failed to catch extensions with 900K users.

How do malicious extensions pass Chrome Web Store review?

Attackers disguise data exfiltration as anonymous analytics. Review manipulation (fake 4-5 star reviews) builds false trust. Ownership transfer attacks buy legitimate extensions and push malicious updates after months of normal use.

How many Chrome extensions were caught spying in 2026?

In February 2026, researchers found 287 Chrome extensions with 37 million total installs silently exfiltrating user browsing history. Separately, 100+ fake extensions were found hijacking sessions and stealing credentials.

What is a supply chain attack on a browser extension?

An attacker buys or compromises ownership of a legitimate trusted extension, then pushes a malicious update. The QuickLens extension changed owners Feb 1, 2026 and shipped malicious code Feb 17, 2026.

← Back to dashboard

clawsmith.com/signal/malicious-ai-chrome-extensions-steal-chatgpt-900k-users

⚠ IssueUnderservedbrowser_extensionLive

Malicious AI Chrome Extensions Steal 900K Users ChatGPT and DeepSeek Conversations

Two fake AI sidebar Chrome extensions (impersonating AITOPIA) were installed by 900,000 users and silently exfiltrated full ChatGPT and DeepSeek conversation histories to attacker C2 servers every 30 minutes. One carried Google's 'Featured' badge. Both remained live after OX Security reported them Dec 29, 2025. Separately, 287 extensions with 37M users were caught exfiltrating browsing history (HN: 474 pts). The Chrome Web Store's automated scanning missed both campaigns. Demand is emerging for a pre-install extension safety scanner: a 'Carfax for Chrome Extensions' built on HN Feb 2026.

Product Idea from this Signal

A browser extension that detects and blocks other extensions from reading your AI chat sessions in real-time

658 ▲

Malicious Chrome extensions steal ChatGPT, Claude, and DeepSeek conversations from users at scale by silently reading DOM content and exfiltrating session tokens. Existing extension scanners only do pre-install static permission checks and miss behavioral exfiltration once an extension is installed. This tool monitors every installed extension's actual runtime behavior on AI chat pages and alerts or blocks when one attempts to read conversation content, scrape tokens, or send data to suspicious domains.

browser securityAI privacyextension monitoringChromeChatGPTdata exfiltration

Competitive172 leadsView Opportunity →

Score Breakdown

658

Social Proof 2 sources

Chrome extensions spying on users browsing data

2/11/2026

520 HN

How hucksters are manipulating Google to promote shady Chrome extensions

1/9/2025

138

Existing Solutions 3 competitors

ExtensionShieldEarly stage, minimal users

Free Chrome extension scanner checking for security risks and permissions. Pre-install risk scoring.

TrustScanEarly stage

Browser extension security checker, permission risk analyzer, PDF report.

Extension Auditor ProEarly stage

Community-based early warning when extensions contact suspicious domains. Chrome Web Store.

Gap Assessment

UnderservedExisting solutions leave gaps

ExtensionShield, TrustScan, Extension Auditor exist but are all new/early-stage with minimal users. Google's own vetting demonstrably failed to catch 900K-user malicious extension carrying Featured badge.

Frequently Asked Questions

Virality Score

658

across 1 platforms

Details

Signalissue

Ecosystembrowser_extension

Sources2

Platforms1

Updated3h ago

Trend→ stable

Top ideas

All ideas →

0A CLI tool that wraps stateful MCP servers and externalizes their session state so they run behind standard round-robin load balancers without sticky routing 0A CLI tool that tails and greps logs across multiple remote hosts in a single TUI without centralized infrastructure 0A browser extension that removes Gemini and all Google AI injections from Chrome across Search, Gmail, Docs, and Drive in one toggle

Related signals

All signals →

4.1KLinkedIn secretly scans every visitor's browser for 6000+ installed extensions without disclosure 3.9KUsers have no way to see what Chrome extensions are actually sending over the network 1.5KCommercial browser extensions freely copy GPL-licensed open-source extension code with no meaningful recourse for developers