Researchers discovered 16 malicious browser extensions for Google Chrome and Microsoft Edge that steal ChatGPT session tokens, giving attackers access to accounts, including conversation history and metadata. The 16 extensions (15 for Chrome and 1 for Edge) claim to improve and optimise ChatGPT, but instead siphon users’ session tokens to attacker‑controlled backends, and together they have been downloaded around 900 times.
Possession of these tokens gives attackers the same level of access as the user, and the extensions also send extra details about themselves and how they’re used, along with special keys from their own online service, enabling the attackers to build a picture of who you are and how you work online.
According to the researchers, this campaign coincides with a broader trend of AI‑powered browser extensions that mimic known brands to gain trust, and many are designed to hijack ChatGPT identities by stealing session authentication tokens. Microsoft and Google have been notified about the abuse, though extensions already installed may remain active until users remove them.
The article lists affected extensions under names such as ChatGPT Mods, ChatGPT Mods, and others, with details including publisher and extension IDs. According to the researchers, this highlights that even extensions in official stores are not automatically safe and underscores the importance of only installing from trusted sources.
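
Because installed copies stay active until they are removed, a workstation can be checked for the listed extension IDs directly on disk. The following is an added example, not code from the researchers or the article: the IDs are constructed placeholders, the function names `find_flagged` and `build_demo` are hypothetical, and the script assumes the standard Chromium on-disk layout of `<User Data>/<profile>/Extensions/<id>/<version>/manifest.json`.

```python
import json
import re
import tempfile
from pathlib import Path

# Constructed placeholder IDs; replace with the IDs from the published list.
FLAGGED_IDS = {"a" * 32, "b" * 32}
EXT_ID = re.compile(r"^[a-p]{32}$")  # Chromium extension IDs use letters a-p


def find_flagged(user_data_dir, flagged_ids=FLAGGED_IDS):
    """Return flagged extensions installed under a Chrome/Edge 'User Data' dir."""
    hits = []
    # Layout: <User Data>/<profile>/Extensions/<id>/<version>/manifest.json
    for manifest in Path(user_data_dir).glob("*/Extensions/*/*/manifest.json"):
        ext_id = manifest.parents[1].name
        if not EXT_ID.match(ext_id) or ext_id not in flagged_ids:
            continue
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            meta = None  # unreadable manifest: still report the ID
        meta = meta if isinstance(meta, dict) else {}
        perms = meta.get("permissions", []) + meta.get("host_permissions", [])
        hits.append({
            "profile": manifest.parents[3].name,
            "id": ext_id,
            "version": manifest.parents[0].name,
            "name": meta.get("name", "<unknown>"),
            "permissions": sorted({p for p in perms if isinstance(p, str)}),
        })
    return sorted(hits, key=lambda h: (h["profile"], h["id"]))


def build_demo(root):
    """Create a constructed profile with one flagged and one unflagged ID."""
    for ext_id, name in (("a" * 32, "Demo flagged"), ("c" * 32, "Demo other")):
        d = Path(root) / "Default" / "Extensions" / ext_id / "1.0.0_0"
        d.mkdir(parents=True)
        manifest = {"name": name, "permissions": ["cookies"],
                    "host_permissions": ["https://example.com/*"]}
        (d / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for hit in find_flagged(build_demo(tmp)):
            print(hit)
```

On a real machine, pass the browser's own User Data directory to `find_flagged`, for example `%LOCALAPPDATA%\Google\Chrome\User Data` or `%LOCALAPPDATA%\Microsoft\Edge\User Data` on Windows, or `~/.config/google-chrome` on Linux.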