AI Browser Extensions Abuse CVE-2026-50751 to Harvest Chat Data

THIS article highlights critical vulnerabilities and threats related to browser extensions, particularly those utilizing artificial intelligence (AI). It reports on the discovery of malicious AI extensions that harvest sensitive user data without consent, posing significant risks to enterprise security. Key points include:

1. **Active Exploits**: Several critical vulnerabilities have been identified, including CVE-2026-50751 involving Check Point VPN.

2. **Data Exfiltration**: Malicious browser extensions like Urban VPN and Smart Sidebar use hidden scripts to monitor and intercept user communications, especially on AI chat platforms.

3. **Payload Analysis**: An investigation reveals the structured parameters and data captured during these espionage operations, including entire chat histories.

4. **Security Risks**: Threat actors exploit trusted environments, using approved extensions to mask their malicious activities, emphasizing the need for strict extension allow-lists in organizations.