The December 2025 Chrome Extension Breach
In December 2025, security researchers at OX Security made a disturbing discovery: two Chrome extensions had been silently stealing AI chat conversations from over 900,000 users.
One of these extensions carried Google's "Featured" badge—the supposed mark of trustworthiness.
How the Attack Worked
The malicious extensions operated with devastating simplicity:
Step 1: Legitimate Appearance
The extensions offered useful features—productivity tools and UI enhancements. They accumulated hundreds of thousands of users and positive reviews.
Step 2: Silent Data Collection
Once installed, the extensions monitored browser activity. When users visited ChatGPT, Claude, or other AI services, the extensions:
- Intercepted all chat messages in real-time
- Stored data locally on victims' machines
- Exfiltrated conversation batches to command-and-control servers
Step 3: Scheduled Exfiltration
To avoid detection, the extensions transmitted stolen data in batches every 30 minutes—slow enough to avoid triggering security alerts, fast enough to capture everything.
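The fixed 30-minute cadence described in Step 3 is itself a detection signal. The following is an added example, not code from the OX Security report: it scans constructed proxy log lines for client and destination pairs whose uploads recur at a near-constant 30-minute interval. The log format, the hostnames and every threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log: timestamp, client, destination host, bytes uploaded.
SAMPLE_LOG = """\
2025-12-01T09:00:04Z ws-114 telemetry.example.invalid 48211
2025-12-01T09:02:10Z ws-114 chatgpt.com 1930
2025-12-01T09:02:45Z ws-114 chatgpt.com 2204
2025-12-01T09:30:01Z ws-114 telemetry.example.invalid 51877
2025-12-01T09:41:00Z ws-114 chatgpt.com 1712
2025-12-01T09:50:12Z ws-201 updates.example.invalid 640
2025-12-01T10:00:07Z ws-114 telemetry.example.invalid 47020
2025-12-01T10:29:58Z ws-114 telemetry.example.invalid 50342
2025-12-01T10:55:30Z ws-114 chatgpt.com 2051
2025-12-01T10:56:02Z ws-114 chatgpt.com 1988
2025-12-01T11:00:03Z ws-114 telemetry.example.invalid 49115
2025-12-01T11:20:40Z ws-201 updates.example.invalid 655
"""

def parse(log):
    """Group upload events by (client, destination)."""
    series = defaultdict(list)
    for line in log.strip().splitlines():
        ts, client, dest, sent = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        series[(client, dest)].append((when, int(sent)))
    return series

def find_beacons(log, period=1800, tolerance=120, max_jitter=0.05, min_events=4):
    """Flag pairs whose uploads recur near `period` seconds with low jitter.
    All thresholds are assumed starting points, not values from the report."""
    hits = []
    for (client, dest), events in parse(log).items():
        if len(events) < min_events:
            continue  # too few samples to call anything periodic
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        avg = mean(gaps)
        # Coefficient of variation of the gaps; guard against identical timestamps.
        jitter = pstdev(gaps) / avg if avg else float("inf")
        # The mean alone is not enough: bursty browsing can average ~30 min.
        if abs(avg - period) <= tolerance and jitter <= max_jitter:
            hits.append({"client": client, "dest": dest, "events": len(events),
                         "mean_gap_s": avg, "bytes_sent": sum(e[1] for e in events)})
    return hits

if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

Legitimate software such as update checkers and telemetry agents also polls on fixed timers, so a hit is a lead to triage against the destination and the originating process, not a verdict.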
The Urban VPN Incident
The Chrome extension breach wasn't isolated. A separate investigation by Koi Security found that "free VPN" extensions with over 8 million downloads had been harvesting AI conversations since July 2025.
| Incident | Users Affected | Discovery |
|---|---|---|
| Malicious AI extensions | 900,000+ | Dec 2025 |
| ... |