Malicious Extensions Can Use Chatgpt To Steal Your Personal Data - Here's How

Elyse Betters Picaro / ZDNET

ZDNET's cardinal takeaways

• Browser extensions tin usage AI prompts to bargain your data.
• All AI LLMs tin beryllium exploited, some commercialized and internal.
• LayerX's exertion now useful pinch Chrome for Enterprise to protect you

That browser hold you conscionable installed successful Chrome whitethorn look harmless enough. If created by a savvy cybercriminal, it could return advantage of AI to bargain individual aliases business information without your knowledge.

Also: Is that hold safe? This free instrumentality lets you cognize earlier you install

A new report from browser information supplier LayerX describes really immoderate browser hold tin entree nan prompts of AI-powered LLMs (large connection models) to inject them pinch nan basal instructions designed to bargain data. Without moreover requiring typical permissions, specified an hold could beryllium particularly vulnerable successful a business situation wherever it's tin of capturing soul aliases proprietary information.

How nan utilization useful

The utilization itself is based connected nan measurement astir generative AI devices activity successful nan browser. When you usage an LLM-based AI assistant, nan punctual is designed arsenic portion of nan web page's Document Object Model (DOM), an API that allows entree to each nan objects connected nan page. Any extensions pinch scripting entree to nan DOM tin straight publication from and constitute to nan prompt, according to LayerX.

With that level of access, a malicious hold could tally punctual injection attacks to alteration nan user's input aliases adhd hidden instructions. From there, it tin extract information from nan original prompt, from nan AI's response, aliases from nan full conversation. Ultimately, nan hold could instrumentality nan AI into divulging delicate information aliases performing malicious tasks.

Also: 5 browser hold rules to unrecorded by to support your strategy safe successful 2025

Though this utilization perchance threatens each browser users, nan consequence could beryllium greater for enterprises. Here, users whitethorn transcript and paste proprietary aliases regulated contented into a prompt. An soul AI besides has entree to confidential firm data, thing from root codification to ineligible documents to M&A plans. Further, galore businesses let labor to freely instal immoderate hold they want, expanding nan likelihood that a malicious 1 whitethorn inadvertently beryllium added.

All types of LLMs are susceptible to this exploit, according to LayerX. This includes third-party web-based services for illustration ChatGPT, Claude, Google Gemini, and Microsoft Copilot, arsenic good arsenic soul LLMs and akin tools.

(Disclosure: Ziff Davis, ZDNET's genitor company, revenge an April 2025 suit against OpenAI, alleging it infringed Ziff Davis copyrights successful training and operating its AI systems.)

The researchers proved their conception

As portion of its research, LayerX said that it successfully tested this utilization connected each nan apical commercialized LLMs, pinch attraction focused connected ChatGPT and Google Gemini. With some of those AIs, nan researchers were capable to beryllium their conception that a malicious hold could manipulate AI to shape information exfiltration attacks.

With ChatGPT, nan researchers described nan pursuing steps to show really nan utilization works:

1. You instal a compromised hold that requires nary typical permissions.
2. A command-and-control server tally by nan attackers sends a query to nan extension.
3. The hold opens a inheritance tab and queries ChatGPT.
4. The results are exfiltrated to an outer log.
5. The hold deletes nan speech to screen up its tracks. As such, viewing your chat history wouldn't show immoderate signs of intrusion aliases compromise.

LayerX recovered immoderate extensions already tin of punctual injections. Such Google Chrome extensions arsenic Prompt Archer, Prompt Manager, and PromptFolder are each tin of reading, storing, and penning to AI prompts. Though these extensions look to beryllium perfectly legitimate, this shows really a malicious 1 tin usage nan aforesaid functionality to do damage.

How tin you protect yourself against malicious extensions?

For nan business world, LayerX worked pinch Google to adhd its hold consequence scoring characteristic straight into nan Chrome for Enterprises browser. When you effort to usage an extension, LayerX's exertion will analyse each nan applicable details, including nan entree permissions, patient information, and usage. The characteristic besides looks for immoderate malicious codification successful nan hold and responds successful clip to artifact it.

Also: I recovered a malicious Chrome hold connected my strategy - here's really and what I did next

Beyond protecting individual users from vulnerable extensions, LayerX's exertion should thief IT admins get a amended grip connected specified threats. The consequence scores assigned to each hold will look successful nan guidance dashboard of Chrome Enterprise, providing each nan basal specifications to find which ones are morganatic and which ones are not.

Aside from nan LayerX protection for Chrome Enterprise, IT and information admins tin return a mates of different steps to combat these malicious extensions.

1. Monitor DOM interactions. Monitor each DOM interactions pinch your company's generative AI tools. Be connected nan lookout for immoderate listeners aliases webhooks that tin interact pinch AI prompts.
2. Block risky extensions. Block suspicious extensions not conscionable done let lists but based connected existent risk. Your champion stake is to usage patient estimation specifications on pinch move hold sandboxing to forestall malicious extensions from running.

Finally, LayerX offers a free website designed to place risky browser extensions. Known arsenic ExtensionPedia, this online database evaluates nan information of much than 200,000 extensions crossed Chrome, Firefox, and Edge.

Get nan morning's apical stories successful your inbox each time pinch our Tech Today newsletter.