👤 NEURALSHIELD
🗓️ 17 Dec 2025  

Millions Unknowingly Exposed: Popular Browser Extensions Hijack AI Chats

Investigation reveals browser add-ons with millions of users are quietly siphoning and selling intimate AI conversations.

Imagine asking your favorite AI assistant a deeply personal question, believing your conversation is private. Now, picture that entire exchange - your words, the AI’s responses, even the timestamps - being quietly copied and shipped off to unknown servers, all thanks to an innocent-looking browser extension. For over eight million users, this isn’t a hypothetical nightmare - it’s reality.

The Hidden Cost of “Free” Privacy Tools

Security researchers at Koi uncovered a troubling scheme buried within the code of eight widely used browser extensions. Despite offering perks like VPN protection and ad blocking - features meant to boost online privacy - these add-ons operate a shadowy double life.

Ironically, many of these extensions are labeled as “Featured” in the Chrome Web Store and Microsoft Edge Add-ons, a badge that usually signals trust and quality. Yet, beneath the surface, each extension injects what Koi calls “executor” scripts into web pages every time a user visits major AI chat platforms like ChatGPT, Claude, or Gemini.

These scripts don’t just observe; they hook the page’s own network calls. By overriding the standard browser functions - fetch() and XMLHttpRequest - the extensions intercept every request and response exchanged between user and AI. This means entire conversations, from innocent queries to confidential business discussions, are captured in real time, compressed, and shipped off to servers controlled by the extension makers.
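As an added example (not code from the article or from Koi’s research), here is the kind of page-side integrity check a chat web app could run to notice that fetch() or the XMLHttpRequest methods have been replaced by JavaScript wrappers. It assumes the engine stringifies genuine built-ins as `function name() { [native code] }` (true of V8 and SpiderMonkey); the offline demo uses JSON.parse as a stand-in for fetch because Node has no XMLHttpRequest.

```javascript
// Added example: detect whether a browser API still looks like the engine's
// own implementation or has been swapped for a JavaScript wrapper.
const NATIVE_RE = /^function\s*[\w$]*\s*\(\)\s*\{\s*\[native code\]\s*\}$/;

function looksNative(fn, expectedName) {
  if (typeof fn !== 'function') return false;
  // Call the prototype method so a wrapper's own spoofed .toString is ignored.
  const src = Function.prototype.toString.call(fn).trim();
  // Bound functions also print as native code, but are named "bound <x>".
  return NATIVE_RE.test(src) && fn.name === expectedName;
}

// entries: [{ label, fn, name }]; returns one finding per entry.
function auditApis(entries) {
  return entries.map(({ label, fn, name }) => ({
    label,
    status: typeof fn !== 'function' ? 'missing'
          : looksNative(fn, name) ? 'native' : 'wrapped',
  }));
}

// In a real page, audit these targets: XHR interception usually patches the
// prototype methods rather than the constructor itself.
function browserTargets(win) {
  return [
    { label: 'fetch', fn: win.fetch, name: 'fetch' },
    { label: 'XMLHttpRequest.prototype.open', fn: win.XMLHttpRequest.prototype.open, name: 'open' },
    { label: 'XMLHttpRequest.prototype.send', fn: win.XMLHttpRequest.prototype.send, name: 'send' },
  ];
}

// Constructed offline demo: JSON.parse stands in for the native API, and three
// wrapper styles show what the check does and does not catch.
function demo() {
  const realParse = JSON.parse;
  const plainWrapper = function parse(text) { return realParse(text); }; // JS wrapper
  const boundWrapper = realParse.bind(JSON);                             // prints as native
  const spoofed = function parse(text) { return realParse(text); };
  spoofed.toString = () => 'function parse() { [native code] }';         // fakes its own .toString
  return auditApis([
    { label: 'pristine', fn: realParse, name: 'parse' },
    { label: 'plain', fn: plainWrapper, name: 'parse' },
    { label: 'bound', fn: boundWrapper, name: 'parse' },
    { label: 'spoofed', fn: spoofed, name: 'parse' },
  ]);
}
```

A wrapper that also patches Function.prototype.toString would pass this heuristic, so treat a "native" result as absence of evidence rather than proof of integrity.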

Despite their privacy promises, the extensions’ true business model is data harvesting. Once collected, these rich, detailed conversations are sold to marketers and data brokers. For advertisers, such data is a gold mine, offering direct insight into users’ interests, needs, and even vulnerabilities.

What’s most alarming is the seamlessness of the operation. Users, trusting the “Featured” badge and the privacy claims, have no visible indication that their AI conversations are being siphoned away. The collection occurs before the AI’s response even appears in the browser, making detection extremely difficult for the average user.

Trust Eroded in the Age of AI

This incident highlights a growing crisis of trust in the digital ecosystem. As AI chatbots become fixtures in our daily lives, the privacy of these interactions is paramount. Yet, the very tools we rely on for protection may be the biggest threat of all. Until extension stores enforce stricter vetting and users become more vigilant, the line between helper and spy remains dangerously blurred.

WIKICROOK

  • Browser Extension: A browser extension is a small add-on that enhances browser features but can also be misused by hackers to steal data or spy on users.
  • Executor Script: An Executor Script is code injected into web pages by extensions to intercept, monitor, or alter data flows, posing potential cybersecurity risks.
  • API (Application Programming Interface): An API is a set of rules that lets different software systems communicate, acting as a bridge between apps. APIs are common cybersecurity targets.
  • Data Broker: A data broker collects, buys, and sells personal data - often without individuals’ knowledge - to third parties for marketing, credit, or risk assessment.
  • Compression: Compression reduces data size to speed up transmission and save storage. It's vital in cybersecurity but can introduce vulnerabilities if misused.
Tags: Browser Extensions, Data Harvesting, AI Privacy

NEURALSHIELD, AI System Protection Engineer