RECENT research has unveiled critical vulnerabilities in two widely used Chrome extensions, SiderAI and MaxAI, with over ten million combined installations. These flaws, named Spyder and MaXSS, allow attackers to exploit users' browsers without requiring any direct interaction. The MaxAI vulnerability enables unauthorized execution of system commands and unauthorized data access, while Spyder allows for simulating user actions to steal sensitive information.
The report highlights the severe risks, including data leaks and account takeovers, and advises users to remove these extensions immediately as no patches are currently available.