A massive cybersecurity breach has affected more than 300,000 Google Chrome users worldwide, after they unwittingly installed fake AI-powered extensions. These malicious browser add-ons, disguised as popular tools like ChatGPT, Gemini, and AI Assistant, have been found to steal sensitive personal data including emails, passwords, and browsing activity.

Key Takeaways

• Over 30 malicious Chrome extensions posed as AI assistants, targeting more than 300,000 users.

• Extensions accessed and exfiltrated sensitive data, including emails, passwords, and even voice recordings.

• Many were distributed through the Chrome Web Store, making them appear trustworthy.

• Some of these extensions remain available, continuing to put users at risk.

• Cybersecurity experts recommend urgent removal and further safeguards.

How the Attack Unfolded

Researchers at LayerX discovered the campaign, finding that these fake AI extensions shared nearly identical coding and backend infrastructure. Instead of functioning locally, they loaded data from remote servers, allowing attackers to upgrade or change malicious behavior at any time without store approval.

The affected extensions included names and icons similar to real AI services, fooling users into thinking they were installing legitimate productivity tools. Once added, these extensions acquired wide permissions, enabling them to capture:

• Web page contents (including login credentials)

• Gmail emails and drafts (in many cases even unread or unsent messages)

• Browsing history and search queries

• Voice snippets via browser microphone access

List of Most Affected Extensions

The Ongoing Threat

While several of the extensions have now been removed from the Chrome Web Store following media and researcher reports, others are still available and can put new users at risk. Because the malicious code was frequently updated remotely, attackers could modify the behavior or enhance data theft capabilities without alerting the browser's security mechanisms.

How to Protect Yourself

If you have recently installed any AI-related Chrome extension—especially one from a source you can’t verify—it’s critical to take immediate action:

1. Review and Remove Suspicious Extensions:Go to chrome://extensions/ and audit all installed extensions. Remove anything unfamiliar or no longer needed.

2. Change Your Passwords:Prioritize your email and financial account passwords; use strong, unique credentials.

3. Use a Password Manager:These tools alert you if your data appears in breaches and ensure you never reuse passwords.

4. Maintain Updated Security Software:Antivirus and anti-malware apps can help detect and prevent ongoing threats.

5. Consider Identity Protection Services:These services can monitor for misuse and help you recover from identity theft.

Final Thoughts

The incident highlights the growing sophistication of cybercriminals, who exploit the appeal of new AI tools to distribute malware. Even legitimate app stores are not immune to these tactics. Always scrutinize browser extensions before installing, regardless of their popularity or apparent legitimacy, and periodically review what you’ve added to your browser. Constant vigilance and swift response are your best defenses in the digital age.

Sources

• Fake AI Chrome extensions expose 300,000 users' passwords and data, Fox News.

• Fake Chrome AI extensions targeted over 300,000 users to steal emails, personal data and more - here's whatwe know, TechRadar.

• 300,000+ Chrome users installed these malicious extensions posing as AI assistants — delete them right now |Tom's Guide, Tom's Guide.

• Malicious AI Extensions Compromise 300,000 Chrome Users, Ubergizmo.

• New Malware Hits 300,000 Users with Rogue Chrome and Edge Extensions, The Hacker News.