Researchers at OX Security have raised a major security alert. They discovered that two popular Chrome extensions were secretly stealing chat history from ChatGPT and DeepSeek users. This situation is even more alarming because one of the malicious extensions had Google’s “Featured” badge. This gave users a false sense of safety.
These extensions were listed under the name AITOPIA. They claimed to offer a handy sidebar for chatting with AI models while browsing any website. On the surface, they worked exactly as promised – but in the background, they were also acting as spyware.
What the Extensions Were Doing
Once installed, these Chrome extensions began sending users’ chat history to remote servers. This occurred every 30 minutes. They also sent browsing data. That means anything you typed into ChatGPT or DeepSeek could have been exposed. This includes personal messages, ideas, company data, or even lines of proprietary code.
Researchers warned that this stolen data could be used for identity theft, targeted phishing attacks, or even corporate espionage. In other words, sensitive conversations meant to stay private might already be in the wrong hands.
Over 900,000 Users Affected
Together, the two extensions collected more than 900,000 installations. OX Security informed Google about this security threat. However, both extensions remained live on the Chrome Web Store as of December 30, 2025. They were still available for download.
This highlights a serious concern: even extensions that look legitimate and carry Google’s “trust” label can still be dangerous.
What You Should Do Right Now
If you have any extensions from AITOPIA installed, remove them immediately from your Chrome browser. Here’s how:
- Open Chrome and go to Settings > Extensions.
- Find any extensions from AITOPIA.
- Click Remove.
- Clear your browser’s cache and change your passwords as an extra precaution.
Also, keep these safety tips in mind:
- Don’t trust extensions solely based on ratings or badges. Even “Featured” ones can be malicious.
- Install only from verified developers and check reviews over time.
- Regularly clean up your extensions – remove those you no longer use.
Why This Matters
More people are using AI tools like ChatGPT for writing, research, coding, and even business communication. This means our chat histories often contain sensitive data, which hackers can exploit for profit or manipulation.
As OX researchers put it, “Conversations with AI could include proprietary code. They may also hold personal information and confidential business details. All of these can be weaponized.”
