AI Tools and Browser Security

Security firm LayerX has uncovered a coordinated campaign using at least 30 malicious Chrome extensions posing as AI assistants — with names like "AI Sidebar," "AI Assistant," "ChatGPT Translate" and "Google Gemini" — that have been installed more than 300,000 times from the official Chrome Web Store. The extensions, some of which remain available, request broad permissions and then quietly read web pages, capture login credentials and, in many cases, access Gmail contents including incoming messages and even drafts, exfiltrating that data to attacker‑controlled servers. Because they are distributed through Google’s official store and branded with familiar AI names such as ChatGPT, Gemini and Grok, they appear legitimate to ordinary users and can easily slip into corporate environments. Researchers say multiple extensions point back to the same backend infrastructure, indicating a single operator or tightly linked group behind the operation. The case highlights how the rush to bolt "AI" into everyday tools is being exploited by attackers and underscores that Chrome’s extension ecosystem — even via the official store — remains a significant attack surface for U.S. users and organizations.