Critical Vulnerabilities in Popular Chrome Extensions Expose Millions of Users
Recent reports have highlighted critical security vulnerabilities in several widely used Chrome extensions, notably those powered by artificial intelligence. These issues particularly impact the SiderAI and MaxAI tools, which collectively boast over 10 million installations across Chrome and other Chromium-based browsers. Security experts have raised alarm bells, indicating that these flaws could potentially lead to a full browser compromise, putting millions of users at risk.
The vulnerabilities, named “MaXSS” and “Spyder,” transform these AI-driven extensions from simple convenience tools into major security threats. Agentic side panels, the category to which these extensions belong, are designed to enhance the browsing experience through AI functionalities like summarization, context-based assistance, and automated actions. However, their deeply integrated functionalities and elevated permission levels create opportunities for malicious exploitation, especially when they lack robust isolation and input validation mechanisms.
The core issue stems from the insecure handling of communications between the web pages and the extension’s content scripts. Content scripts serve as intermediaries between untrusted web content and trusted background processes in Chrome’s extension architecture. While this separation is intended to create security boundaries, both SiderAI and MaxAI have lacked adequate input validation for data originating from web pages. This vulnerability allows untrusted sources to indirectly access the extensive privileges afforded to these extensions.
In the case of the MaXSS vulnerability found in MaxAI, attackers can exploit malicious websites to send crafted messages to the content script of the extension. Importantly, these messages are forwarded to the background process without any form of validation, giving attackers the capacity to invoke privileged browser actions. Research from Rebora highlighted the extent of this threat, demonstrating that attackers could perform actions such as opening hidden tabs, taking screenshots of sensitive applications like Gmail and Google Calendar, and even interacting with AI platforms like ChatGPT and Claude to extract user data.
Similarly, the Spyder vulnerability present in SiderAI allows attackers to simulate user interactions within embedded web contexts. By triggering artificial events, malicious websites can manipulate the extension, compelling it to execute actions like typing prompts, clicking buttons, or exfiltrating sensitive data. In a proof-of-concept scenario, researchers illustrated that an attacker could gain access to a victim’s AI account, generate confidential outputs, and leak those via publicly accessible links controlled by the attacker.
The ramifications of these vulnerabilities are extensive. Exploitation requires minimal user interaction—essentially, all that is needed is for a user to visit a malicious webpage. Given the extensive permissions that users grant these extensions, attackers can gain access to vital information, including emails, documents, authentication tokens, and may even execute actions on behalf of the user across various services. Alarmingly, researchers have also indicated scenarios where local file access could be a risk, heightening concerns not just for individual users but for organizations as well.
Despite attempts at responsible disclosure, the vendors of these extensions have yet to respond, leaving users in a precarious position. Google has been made aware of the issues, although no immediate remedial actions have been confirmed as of the time of this report.
Security professionals caution that this situation underscores a more significant challenge within AI-integrated software, particularly among browser extensions that operate with substantial privileges. As the adoption of AI-driven tools continues to accelerate, the web browser remains an increasingly alluring yet vulnerable attack surface for cybercriminals.
For users, the advice is clear: review installed extensions and remove SiderAI and MaxAI if they are present. Organizations are encouraged to enforce stricter extension policies, monitor browser-based threats, and limit the permissions granted to third-party tools to minimize exposure to such vulnerabilities. The security community remains vigilant as they work to mitigate these risks, emphasizing the importance of secure coding practices in the development of browser extensions.