The Rise of Malicious ChatGPT Browser Extensions and What to Do About It

By Davit Asatryan, Director of Product, Spin.AI

Mainstream generative AI (think ChatGPT, Google Bard) has exploded in the last few years, with some estimates putting the market at $1.3 trillion within a decade. To provide some context, Bloomberg reported that the industry generated about $40 billion in 2022. This tremendous growth is fueled in no small part by the vast promise of generative AI to simplify everything from marketing processes to infrastructure products to programs that speed up coding. However, it is becoming increasingly difficult for users in this highly saturated market to determine which applications and extensions are legitimate and which might expose their organizations to risk. A great example of this is the rise in ChatGPT-like browser extensions.

Given its recent popularity, it shouldn’t be a surprise that ChatGPT is dominating the generative AI tool space. At the time of writing this article, OpenAI claims to have more than 100 million users and more than one billion monthly visitors. That’s a massive user base that threat actors are looking to exploit. As a result, they’ve started creating and weaponizing malicious ChatGPT browser extensions. In this article, I’ll review the operational risks associated with today’s most popular ChatGPT extensions and give some guidance on how organizations can better protect themselves.

First, if you don’t think the threat of malicious ChatGPT extensions is real, just look at the recent fraudulent extension that tried to spook “ChatGPT for Google.” This extension was a trojanized version of a legit open-source browser add-on that was installed by more than 9,000 users. Advertised on Facebook as a tool to help users enhance their search engine with ChatGPT, it actually hijacked Facebook accounts undetected. It was quickly removed from the Chrome Web Store, but not before stealing login credentials from at least 6,000 corporate accounts and 7,000 VPN accounts.

The reality is that ChatGPT extensions are popping up faster than they can be removed. Three months ago, our research team reviewed the Chrome Web Store and discovered there were only 11 extensions for ChatGPT – today, there are over 200 and counting. And many of them are high-risk. But how do you know what is risky? And what can that risk result in?

Let’s dive into an example using one of the most popular ChatGPT extensions in the Chrome Web Store, which just so happens to also be called “ChatGPT for Google” (different from the aforementioned Facebook extension). It has more than 2 million installations and has a consistently positive track record with Google services. But this extension introduces security risk for a variety of reasons. First, it requests a dangerous amount of access, including read/write permissions on browsers, that provides extension-specific ways to persist user data, and scripting that allows the extension to inject JavaScript and CSS into websites via an API.

Another red flag is that the extension comes from an unknown developer and is literally registered to a generic Gmail address. It also has a generic one-page website with no official phone number or address. An application or browser extension that isn’t registered by an identified developer may contain harmful code or malware, not be supported or updated to address vulnerabilities, and could get access to more sensitive data than is required for its service. Furthermore, because it appears to be from an individual developer (and not an organization), the privacy policy (if present) may be inadequate for legal and compliance uses, it likely has not had an independent audit, and developer authority can’t be determined. The risk is high, and organizations should think twice about allowing employees to use these types of extensions.

Unfortunately, most ChatGPT extensions available on the Chrome Web Store today are, by the same standards, alarmingly high risk. Our research team identified the following popular ChatGPT extensions (in addition to ChatGPT for Google) as high and medium risks:

ChatGenie for ChatGPT

ChatGPT Writer

ChatGPT Assistant – Smart Search

LINER:ChatGPT for Google Search & Highlighter

ChatGPT as a New Tab

So, what can malicious extensions do? Once installed, they can access your machine, your activity, your sensitive data, and other parts of your environment. They can steal sensitive personal information and login credentials. They can display unwanted targeted ads and slow browser speeds. And they can inject malicious code and malware. What can you do about it?

The rise in malicious extensions has become so great that Google recently added enhanced DLP and extension protections directly into the Google Workspace Admin console to help organizations streamline the identification of malicious applications and browser extensions. However, if you don’t have a Google Workspace Admin, consider taking these steps.

Understand what browser extensions are being used across your network. Do a comprehensive inventory (and maintain it). You can’t protect what you can’t see.

Understand the specific data these extensions have access to and what risks are posed by these extensions integrating with your SaaS environment. What is the scope and scale of high-risk extensions (​​for example, the number of users on high-risk apps)? It’s vital to understand the operations, security, privacy, and compliance risks they present.

Inventory, assess the risk, and control these extensions. It’s important to identify what data will be processed, stored, or transmitted through these extensions and the risk that presents. Doing ongoing assessments is crucial to understanding how extensions have either become more vulnerable or hardened.

Reassess the risk and manage access for extensions every time there is an update. Set up automated policies that align with your company’s compliance and security posture to streamline and automate risk prevention.

As generative AI continues to blossom, expect to see hundreds if not thousands of more extensions. Many of these can enhance productivity and streamline operations. But understanding the risks associated with malicious extensions, and being able to quickly identify and block usage, is crucial to maintaining security and compliance standards.

Davit Asatryan is the Director of Product for Spin.AI, focusing on the All-in-One SaaS Security platform, SpinOne. He has been with the company for over 5 years and specializes in SaaS data protection, helping organizations battle Shadow IT, ransomware and data leak issues.


Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information.