“
Introduction: The ‘Sugar-Coated Poison’ Behind Convenience
In the era of the generative AI explosion, ChatGPT and DeepSeek have become ‘lifelines’ for many in their work and daily lives. To pursue the ultimate user experience, many users choose to install Chrome browser extensions to enhance AI functionality. However, as the saying goes, ‘there’s no such thing as a free lunch.’ Recently, cybersecurity experts exposed a chilling discovery: two popular extensions were secretly ‘playing double games,’ stealing the conversation records of over 900,000 users!This cybersecurity storm not only makes us re-examine the security of browser plugins but also serves as a reminder to all AI users: while you are speaking freely with AI, there may be a pair of eyes watching from the shadows, ‘waiting for the rabbit to fall into the trap.’
News Highlight: 900,000 Users ‘Stripped Bare’
According to the latest report from cybersecurity media The Hacker News, security researchers identified two malicious extensions disguised in the Google Chrome Web Store. Here is a core summary of the incident:
- Massive Number of Victims: These two plugins have been installed a cumulative 900,000 times, an astonishing scope of impact.
- Theft Method: On the surface, these extensions provide AI assistance; in reality, they secretly monitor all conversations between users and ChatGPT or DeepSeek in the background and leak them to remote servers.
- Data Leakage: In addition to AI conversation content, research shows that users’ browsing data also fell into the hackers’ hands, being packaged and taken away.
The way these two extensions operate can be described as ‘painting legs on a snake’—injecting malicious code into normal AI web pages, causing users to ‘walk into the lion’s den’ without even realizing it.
Deep Analysis: Why Are Hackers Targeting Your AI Conversations?
You might ask: ‘I’m only asking AI what to eat for dinner, what does it matter if someone sees it?’ This is a classic case of needing to ‘be on guard against others.’ In the eyes of cybersecurity experts, AI conversation records are simply a treasure trove of ‘hidden dirt,’ possessing extremely high commercial and criminal value:
- Corporate Secret Leaks: Many engineers give unreleased code to AI for debugging, or marketing planners have AI polish unpublished projects. Once hackers get hold of this content, the corporate loss will be immeasurable.
- Personal Privacy Puzzle: People often let their guard down with AI, mentioning their place of residence, company names, or even financial status in conversations. Hackers can use this for precise ‘phishing scams.’
- Identity Verification Risks: Some conversations may contain sensitive API Keys or Session Tokens, which for hackers are essentially ‘ready-to-use’ lock-picking tools.
Security Classroom: How to Avoid ‘Losing Everything’?
Facing the constant emergence of malicious plugins, we cannot simply ‘sit and wait for death.’ As a savvy digital citizen, you should take the following protective measures:
- Audit and Declutter: Periodically check the plugins installed in your browser. If some tools haven’t been used for a long time or come from unknown sources, please ‘uproot’ them immediately.
- Permission Review: If you find a simple AI assistant requesting to ‘read and change all your data on all websites’ during installation, this is a classic ‘sword dance with ulterior motives.’ Please be highly vigilant.
- Official Channels Are Safest: Try to use the official apps or web versions provided by OpenAI or DeepSeek, and avoid using ‘third-party enhanced versions’ of unknown origin.
- Better Late Than Never: If you have installed plugins with similar functions, it is recommended to change relevant account passwords immediately and check AI history for sensitive information, deleting it as soon as possible.
Conclusion: Digital Privacy on Thin Ice
This Chrome extension scandal has once again sounded the alarm for us. While pursuing technological convenience, we are often prone to being ‘penny wise and pound foolish,’ neglecting the most basic cybersecurity principles. Although the digital world is colorful, it is also full of traps. Only by maintaining a cautious attitude of ‘walking on thin ice’ can we enjoy the benefits of AI while protecting our privacy and property security.Don’t let your AI assistant end up being an ‘undercover agent’ sent by hackers!”
