Malicious AI Browser Extensions Harvest Emails, Prompts, and Passwords from Users
What Happened — Unit 42 identified 18 browser extensions marketed as AI productivity tools that actually embed remote‑access trojans, infostealers, and man‑in‑the‑middle capabilities. The extensions read email drafts, intercept ChatGPT prompts, and exfiltrate saved passwords to attacker‑controlled domains. Google was notified; the extensions were removed or warned.
Why It Matters for TPRM
- Third‑party browser extensions become a supply‑chain attack vector, bypassing traditional endpoint controls.
- Exposure of email content, AI prompts, and credentials can lead to intellectual‑property loss and credential‑stuffing campaigns.
- Organizations must enforce strict extension‑allow lists and least‑privilege permissions to mitigate data‑exfiltration risk.
Who Is Affected — All industries that permit employees to install browser extensions; particularly SaaS, cloud‑based productivity platforms, and enterprises with remote workforces.
Recommended Actions — Review and harden extension governance policies, restrict installations to vetted sources, enforce least‑privilege permission scopes, deploy URL‑filtering and DNS‑security solutions, and monitor for anomalous outbound traffic.
Technical Notes — Attack vector: malicious browser extensions leveraging API interception, passive DOM observation, traffic proxying, and HTTPS response decryption. Data types stolen include email drafts, AI prompt content, and saved passwords. No specific CVE cited. Source: Palo Alto Unit 42 – High‑Risk Gen‑AI Browser Extensions