Malicious Chromium Extensions Harvest Enterprise LLM Chats

Microsoft Defender investigated malicious Chromium-based browser extensions that impersonate AI assistant tools and collected LLM chat histories and browsing data, reaching about 900,000 installs and impacting over 20,000 enterprise tenants. The extensions exfiltrated full URLs, chat snippets, model names, and persistent identifiers to domains such as deepaichats[.]com and chatsaigpt[.]com, creating significant privacy and compliance risks for organizations.