Your Browser Extensions Are Watching Everything
Researchers found 29 Chrome extensions stealing ChatGPT tokens and hijacking affiliate links. Here's how to audit yours.
This week, security researchers found 29 malicious Chrome extensions that were doing two things: stealing ChatGPT authentication tokens and quietly replacing affiliate links to skim money from content creators.
One of them, "Amazon Ads Blocker," had a 4.5-star rating and actually worked as advertised. It blocked Amazon ads. It also silently replaced every affiliate code on Amazon with the developer's own — and was harvesting your ChatGPT session tokens in the background.
I checked my own browser immediately. You should too.
Why Extensions Are Dangerous
Browser extensions are programs that run inside your browser with whatever permissions you grant them. And most people click "Add to Chrome" without looking at what those permissions actually mean.
Here's what common permissions allow:
"Read and change all your data on all websites" — This is exactly as terrifying as it sounds. The extension can see everything you do online. Every page, every form, every password field. It can modify what you see, inject content, and intercept data before it's encrypted.
"Read your browsing history" — It knows every site you visit.
"Manage your downloads" — It can download files to your computer.
"Communicate with cooperating websites" — It can send your data to external servers.
Most extensions request more permissions than they need. An ad blocker needs to see page content to block ads — but it doesn't need access to your browsing history or the ability to manage downloads.
What These Extensions Actually Did
The researchers found a cluster of 29 extensions targeting e-commerce sites and AI platforms. Here's the scheme:
Affiliate Link Hijacking
When you click an affiliate link to Amazon, the creator who shared that link gets a small commission. These extensions would:
- Detect when you visited Amazon, AliExpress, Walmart, Shein, or Best Buy
- Silently replace any affiliate codes with the extension developer's code
- Or inject their own code if there wasn't one already
You'd never notice. The page looks identical. But the commission goes to the attacker instead of whoever you were actually trying to support.
Annoying and unethical? Yes. But the other thing they did was worse.
ChatGPT Token Theft
Some of these extensions also scraped authentication tokens from ChatGPT. With your token, an attacker can:
- Access your ChatGPT account
- Read your entire conversation history (including anything sensitive you discussed)
- Use your account (burning through your subscription)
- Potentially access other OpenAI services linked to your account
If you've ever asked ChatGPT to help with something confidential — code, contracts, medical questions, personal problems — that information is now in someone else's hands.
How to Audit Your Extensions
Step 1: See What You've Got
Open Chrome and go to chrome://extensions (just type it in the address bar).
Look at every extension. For each one, ask:
- Do I actually use this?
- Do I remember installing it?
- Does the permission list make sense for what it does?
Step 2: Check Permissions
Click "Details" on each extension to see its permissions.
Red flags:
- "Read and change all your data on all websites" — for anything other than ad blockers or password managers
- "Read your browsing history" — unless there's an obvious reason
- "Manage your apps, extensions, and themes" — almost never needed
- "Communicate with cooperating native applications" — could be running code outside the browser
Step 3: Research Suspicious Ones
If an extension has permissions that seem excessive for its purpose:
- Search for "[extension name] malware" or "[extension name] security"
- Check the Chrome Web Store reviews for warnings
- Look at the developer — is it a known company or some random person?
- Check when it was last updated — abandoned extensions don't get security patches
Step 4: Remove Anything Unnecessary
The best security advice is also the simplest: if you don't need it, remove it.
Every extension you keep is a potential attack surface. Even legitimate ones can be compromised — developers sell extensions, or their accounts get hacked, and suddenly a trusted extension pushes a malicious update.
I aim for five or fewer extensions. Fewer moving parts, fewer problems.
What to Do If You Had a Malicious Extension
If you found one of the problematic extensions (or anything suspicious):
Immediate Steps
- Remove it — obviously
- Change your passwords — especially for any sites the extension had access to
- Log out of ChatGPT everywhere — go to ChatGPT → Settings → Data Controls → Log out all devices
- Revoke API keys — if you have any OpenAI API keys, regenerate them
- Check your accounts — look for anything suspicious, unauthorized access, or settings changes
For Affiliate Hijacking
Honestly, there's not much to do here except remove the extension. The damage is just that content creators didn't get commissions they deserved. No data was stolen from you specifically.
For Token Theft
This is more serious. Assume your ChatGPT history has been compromised. If you discussed anything sensitive:
- Consider whether any information could be used against you
- If it was work-related, you may need to inform your employer
- If it involved credentials or secrets, rotate them
Extensions Worth Keeping (And Why)
Not all extensions are risky. Some are genuinely useful and made by trustworthy developers:
Password managers (Bitwarden, 1Password) — Need broad access by design. Made by reputable security companies. Worth the trade-off.
uBlock Origin — Open-source ad blocker. Heavily audited by the community. The gold standard for ad blocking.
Privacy Badger (EFF) — Made by the Electronic Frontier Foundation. Blocks trackers. Trustworthy source.
HTTPS Everywhere (EFF) — Forces HTTPS connections. Trusted source. (Note: becoming less necessary as browsers add this natively.)
The pattern: established developers, open-source when possible, clear privacy policies, and a track record.
Permissions to Avoid
When installing any extension, be skeptical if it requests:
- All sites access — for something that shouldn't need it (a screenshot tool, a colour picker, etc.)
- Browsing history — almost never necessary
- Download management — legitimate uses are rare
- Native messaging — can run code outside the browser sandbox
- Clipboard access — can read anything you copy/paste
Some permissions are granted silently and aren't shown at install time. Check the extension's details page after installing.
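The two checklists above (the red flags in Step 2 and the permissions to avoid) can be run against every installed extension at once, rather than clicking through each Details page. The script below is an added example, not part of the original post: it reads each extension's manifest.json from Chrome's profile directory (Linux default path assumed; pass another directory as the first argument) and reports which of the flagged permissions it requests.

```python
"""Audit Chrome extension manifests for the permissions this post flags.
Added example, not part of the original post. Reads each extension's
manifest.json under a profile's Extensions directory (Linux default path
assumed; pass another directory as argv[1]) and reports risky permissions."""
import json
import sys
from pathlib import Path

# Manifest permission strings mapped to the post's description of them.
RISKY = {
    "<all_urls>": "read and change all your data on all websites",
    "*://*/*": "read and change all your data on all websites",
    "http://*/*": "read and change all your data on all websites",
    "https://*/*": "read and change all your data on all websites",
    "history": "read your browsing history",
    "downloads": "manage your downloads",
    "management": "manage your apps, extensions, and themes",
    "nativeMessaging": "communicate with cooperating native applications",
    "clipboardRead": "read anything you copy/paste",
}

def audit_manifest(manifest: dict) -> dict[str, list[str]]:
    """Return the risky permissions one manifest requests.
    'installed': granted at install (MV2 'permissions', MV3
    'host_permissions', and content_scripts 'matches');
    'optional': may be requested after install, so not in the install prompt."""
    installed = set(manifest.get("permissions", []))
    installed |= set(manifest.get("host_permissions", []))
    for script in manifest.get("content_scripts", []):
        installed |= set(script.get("matches", []))
    optional = set(manifest.get("optional_permissions", []))
    optional |= set(manifest.get("optional_host_permissions", []))
    return {"installed": sorted(p for p in installed if p in RISKY),
            "optional": sorted(p for p in optional if p in RISKY)}

def audit_profile(ext_root: Path) -> dict[str, dict[str, list[str]]]:
    """Audit every <id>/<version>/manifest.json below ext_root, keyed by id."""
    report = {}
    for path in ext_root.glob("*/*/manifest.json"):
        with open(path, encoding="utf-8") as fh:
            report[path.parents[1].name] = audit_manifest(json.load(fh))
    return report

if __name__ == "__main__":
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else \
        Path.home() / ".config/google-chrome/Default/Extensions"
    for ext_id, found in sorted(audit_profile(root).items()):
        for kind in ("installed", "optional"):
            for perm in found[kind]:
                print(f"{ext_id}  {kind:9}  {perm:18}  {RISKY[perm]}")
```

On macOS the directory is ~/Library/Application Support/Google/Chrome/Default/Extensions and on Windows %LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions; the ids it prints are the ones shown in each extension's Details page URL at chrome://extensions.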
The Larger Problem
Chrome's extension security model is fundamentally broken. Once you grant permissions, the extension can do whatever those permissions allow. There's no sandboxing, no behavioural analysis, no warning when an extension suddenly starts doing something new.
Google does scan for obviously malicious extensions, but as this week's discovery shows, their detection isn't comprehensive. Extensions can behave normally during review and activate malicious code later.
Firefox has similar issues. Safari is stricter but still not perfect.
The solution is defence in depth:
- Minimise extensions (fewer = smaller attack surface)
- Prefer open-source (code can be audited)
- Use established developers (track record matters)
- Review permissions carefully (trust but verify)
- Check periodically (extensions can go bad after updates)
A Note on AI Services
This incident specifically targeted ChatGPT, but the same attack works on any AI service: Claude, Gemini, Perplexity, whatever you use.
If you discuss sensitive things with AI assistants (and who doesn't?), your conversation history is valuable to attackers. Treat your AI accounts with the same seriousness as your email.
Use strong, unique passwords. Enable 2FA. And don't let random browser extensions access those sites.
Go audit your extensions. It takes ten minutes, and you'll probably find a few you forgot you installed. Remove them.
Your browser is where most of your digital life happens. The fewer strangers watching, the better.