Over Half of Chrome AI Extensions Collect User Data Without Permission

Data Security Alarm for Chrome AI Extensions

As artificial intelligence integration rapidly expands across the technology landscape, security concerns are rising at an equal pace. A recent study has uncovered that over 50% of artificial intelligence extensions available in the Google Chrome Web Store collect user data without permission. This striking finding exposes how browser extensions, used daily by millions, can transform into covert data collection tools.

The research, which examined hundreds of AI extensions, identified coding assistants, audio/video transcription tools, and productivity-enhancing applications as the most risky categories. These extensions were found to request access to sensitive user data, including personal information, browsing history, and even confidential business documents.

Chat History of 900,000 Users Stolen

One of the most dramatic examples demonstrating the severity of this issue occurred on January 2, 2026. Two Chrome extensions impersonating popular AI tools were discovered to have stolen the private chat histories of approximately 900,000 users from platforms like ChatGPT and DeepSeek. This incident revealed that not only technical data but also users' personal thoughts and correspondence are at risk.

Security experts emphasize that such extensions are typically designed to closely resemble the names and interfaces of legitimate AI tools, making it difficult for users to distinguish them from original applications. Fraudsters exploit users' trust in AI tools to conduct large-scale data theft operations.

Highest-Risk Extension Categories

According to the study's detailed analysis, extensions in certain categories carry significantly higher risks than others:

• Coding and Developer Tools: Extensions claiming to assist software developers generally request extensive permissions that could compromise proprietary code and development environments.
• Transcription and Media Processing: Audio and video transcription tools often require access to microphone and file systems, creating opportunities for unauthorized recording and data extraction.
• Productivity Enhancers: Applications promising improved workflow efficiency frequently seek permissions to monitor browsing activity and document interactions.
• Writing and Content Assistants: AI-powered writing tools may capture sensitive communications, creative content, and confidential business correspondence.

The research team noted that many problematic extensions employ vague privacy policies and request permissions disproportionate to their stated functionality. Users are advised to scrutinize permission requests, review developer reputations, and limit installations to extensions from verified publishers. Regular security audits and prompt removal of unused extensions are also recommended as essential protective measures in today's increasingly complex digital ecosystem.