Security experts have uncovered a number of dangerous extensions for the Chrome browser. A total of 30 extensions belonging to the AiFrame campaign have been identified as dangerous, appearing to offer AI services but actually designed to intercept sensitive information.
To date, the extensions have been installed by over 260,000 users through the official Chrome Web Store. At times, they were even shown among recommended extensions, as the creators were able to circumvent important security measures.
Security researchers at LayerX Security explain how the extensions work in their analysis. They employ server-side interfaces that are embedded in the code and function as privileged proxies. This gives them extensive permissions, such as scanning and copying content (including sensitive details like passwords and bank info) from active browser tabs and sending it to the extension’s operators.
Which browser extensions are dangerous?
The 30 browser extensions, all of which work with the same code base, primarily attract users with well-known names of AI models (like ChatGPT or Gemini) but don’t actually work with those official platforms. Sometimes, incorrect spellings are used (like “ChatGBT”). In addition, generic names such as “AI Assistant” or “AI Translator” appear on the list.
The following browser extensions were installed the most:
- AI Assistant: 50,000 installations
- Gemini AI Sidebar: 80,000 installations
- AI Sidebar: 50,000 installations
- ChatGPT Translate: 30,000 installations
- AI GPT: 20,000 installations
- ChatGPT Sidebar: 10,000 installations
Apparently, the attackers use placeholder extensions that were already removed from the store, putting them back up with new names and modified code to circumvent Google’s security mechanisms.
According to the researchers, one of the malicious extensions they investigated last year was removed from the store after their investigation, only to reappear about two weeks later with a new name and modified ID.
How to protect yourself
The common advice still applies here—only install extensions from trusted, official stores—but it isn’t enough in this case. You’re still left vulnerable to sophisticated campaigns that hijack legitimate pages and get around important security checks. After all, these extensions were in the official Chrome Web Store and reappeared there several times.
So, the next bit of security advice is to always be vigilant and watch for signs of scams and malware. These include incorrect spellings or descriptions, as well as extensive permission requests by an extension that doesn’t really need all the stuff it’s asking for.
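The two warning signs above, over-broad permission requests and misspelled AI brand names, can be checked directly against an extension's manifest.json. The following Python is an added example, not code from the article or from LayerX; the brand list, the 0.8 similarity threshold and the two sample manifests are assumptions constructed for illustration.

```python
import json
import re
from difflib import SequenceMatcher
from pathlib import Path

BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
SENSITIVE_APIS = {"tabs", "scripting", "webRequest", "cookies", "history", "clipboardRead"}
AI_BRANDS = ("chatgpt", "gemini")  # assumption: brands the article says were imitated

def audit_manifest(manifest):
    """Return a list of findings for one parsed manifest.json."""
    findings = []
    # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
    declared = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    hosts = declared | set(manifest.get("host_permissions", []))
    for script in manifest.get("content_scripts", []):
        hosts |= set(script.get("matches", []))
    broad = sorted(hosts & BROAD_HOSTS)
    if broad:
        findings.append("reads every site: " + ", ".join(broad))
    apis = sorted(declared & SENSITIVE_APIS)
    if apis:
        findings.append("sensitive APIs: " + ", ".join(apis))
    # Compare each word of the display name with the brand list.
    for word in re.findall(r"[a-z]+", str(manifest.get("name", "")).lower()):
        for brand in AI_BRANDS:
            if word == brand:
                findings.append(f"uses brand name '{brand}': confirm the publisher")
            elif SequenceMatcher(None, word, brand).ratio() >= 0.8:
                findings.append(f"name '{word}' is a near-miss of '{brand}'")
    return findings

def audit_profile(extensions_dir):
    """Audit <extensions_dir>/<id>/<version>/manifest.json for every extension."""
    report = {}
    for path in Path(extensions_dir).glob("*/*/manifest.json"):
        manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        report[path.parts[-3]] = audit_manifest(manifest)
    return report

# Constructed sample manifests (not taken from the campaign).
SUSPICIOUS = {"manifest_version": 3, "name": "ChatGBT Sidebar",
              "permissions": ["tabs", "scripting", "storage"],
              "host_permissions": ["<all_urls>"]}
NARROW = {"manifest_version": 3, "name": "Tab Counter",
          "permissions": ["storage"],
          "host_permissions": ["https://example.com/*"]}

if __name__ == "__main__":
    for sample in (SUSPICIOUS, NARROW):
        print(sample["name"], "->", audit_manifest(sample) or "no findings")
```

To run it on a real browser, pass audit_profile the Extensions folder inside the profile directory that chrome://version lists under "Profile Path". A finding is a reason to review the extension, not proof that it is malicious.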
If you’re interested in using artificial intelligence in your browser, only use official apps from OpenAI, Google, and others. Also, be sure to protect your system with reputable antivirus software.

