Browser extensions with greater than 8 million installs are harvesting customers’ full and prolonged AI conversations and promoting them for advertising functions, in response to information collected from the Google and Microsoft pages internet hosting them.
Safety agency Koi found the eight extensions, which as of late Tuesday evening remained out there in each Google’s and Microsoft’s extension shops. Seven of them carry “Featured” badges, that are endorsements meant to sign that the businesses have decided the extensions meet their high quality requirements. The free extensions present features equivalent to VPN routing to safeguard on-line privateness and advert blocking for ad-free searching. All present assurances that consumer information stays nameless and isn’t shared for functions apart from their described use.
A gold mine for entrepreneurs and information brokers
An examination of the extensions’ underlying code tells a way more difficult story. Every comprises eight of what Koi calls “executor” scripts, with every being distinctive for ChatGPT, Claude, Gemini, and 5 different main AI chat platforms. The scripts are injected into webpages any time the consumer visits one in every of these platforms. From there, the scripts override browsers’ built-in features for making community requests and receiving responses.
