It’s not enough to have ChatGPT do everything for you, but now people download Chrome extensions to help them manage ChatGPT. Several Chrome extensions used to manage ChatGPT like mass deleting chats, bookmarking chats, prompt optimization, timestamp displays, downloads, organization, and so much more were found to actually steal ChatGPT ideas and data. Experts tell you to download Chrome extensions from the Chrome Store only, but many malicious Chrome extensions can be found on the Chrome Web Store.
Malicious Chrome extensions recently found to be stealing ChatGPT data had thousands of installs.You can assume many of these installs were for businesses, which means that the authors behind the malicious extensions now have corporate secrets. Any passwords, credentials, and sensitive data is now in the hands of a third party. This attack is similar but unique from an AI reprompt attack found in Copilot earlier in January 2026.
You might wonder what someone can do with this information, but enough data about you can be used for phishing or corporate espionage. Let’s say that you run a business and your marketing department uses ChatGPT with one of these malicious Chrome extensions to build a strategy, an attacker could use this information to sell to a competitor. This is just one example, but you can imagine that any corporate secrets shared in ChatGPT could be valuable to your competitor.
Individuals using ChatGPT could share enough information to allow an attacker to understand preferences, hobbies, family interactions, and other daily activities. With this information, an attacker could launch a targeted phishing or social engineering attack. It’s especially dangerous if the targeted user is a minor.
Signs That You Downloaded a Malicious Chrome Extension
The list of Chrome extensions found to steal ChatGPT information (listed in the next section) did not have public Github repositories. The code was deployed to Google’s Chrome Web Store, so the source code technically passed a review. Unfortunately, Google’s review is basic and several malicious extensions have been discovered with thousands of installs.
If you insist on installing a Chrome extension, you can take a look at the JSON Manifest included with the extension download. The file name in all extensions is manifest.json. Here is a trimmed down example of a JSON Manifest file from an extension that you should be hesitant to install:
{
"manifest_version": 3,
"name": "ChatGPT Helper",
"version": "0.1.0",
"description": "This extension is totes innocent I promise ;).",
"minimum_chrome_version": "114",
"permissions": [
"storage",
"tabs",
"scripting",
"cookies",
"webRequest",
"webRequestBlocking",
"alarms",
"notifications"
],
"host_permissions": [
"<all_urls>"
],
"background": {
"service_worker": "sw.js",
"type": "module"
},
"content_scripts": [
{
"matches": ["<all_urls>"],
"js": ["content.js"],
"run_at": "document_start"
}
],
"web_accessible_resources": [
{
"resources": ["injected.js"],
"matches": ["<all_urls>"]
}
],
"externally_connectable": {
"matches": ["*://*.chatgpt.com/*"]
},
"action": {
"default_title": "ChatGPT Helper"
},
"icons": {
"16": "icons/16.png",
"48": "icons/48.png",
"128": "icons/128.png"
}
}
There are a few warning signs from this manifest.json file. The first one is in the permissions section. As you can see, the permissions give this extension access to just about everything, but the webrequest permission gives it access to the data you share with ChatGPT. The recent malicious Chrome extensions found eavesdropping on ChatGPT data were stealing session data from cookies, which is also a permission in this manifest.
The next red flag is the overly permissible access to “all URLs” throughout the entire manifest. The “host_permissions” section and “web_accessible_resources” section allow the extension to access all URLs. This isn’t specific to ChatGPT, but any Chrome extension that wants access to all domains should be a red flag.
Allowing an extension to run as a background worker is not a red flag in itself, but you would need to read the JavaScript code in the sw.js file to see what it is doing. Be careful though, because most attackers obfuscate their code. An example might be that the background worker waits for you to type something into ChatGPT or watches for certain words before it sends data to an attacker.
The content.js file set in the “content_scripts” section should also be reviewed. This JavaScript file loads content into all URLs (or the URLs specified in the host_permissions section. With such a permissive manifest file, an attacker could inject phishing content into your web pages, any page. For ChatGPT, the attacker might inject nothing at all and only listen for specific phrases.
Most Recent Malicious Chrome Extension List Found to Steal ChatGPT Ideas and Data
Malwarebytes listed the malicious Chrome extensions in this particular attack, but just know that there will be others. Always look at the manifest file before allowing any extension to access pages with sensitive data. This might require a professional, but always side with caution and avoid installing unknown extensions, even if you found them from the official Chrome Web Store.
Here are the malicious extensions, and if you have any one of them you should disable them from your browser:
- ChatGPT bulk delete, Chat manager — ChatGPT Mods — gbcgjnbccjojicobfimcnfjddhpphaod
- ChatGPT export, Markdown, JSON, images — ChatGPT Mods — hljdedgemmmkdalbnmnpoimdedckdkhm
- ChatGPT folder, voice download, prompt manager, free tools — ChatGPT Mods — lmiigijnefpkjcenfbinhdpafehaddag
- ChatGPT message navigator, history scroller — ChatGPT Mods — ifjimhnbnbniiiaihphlclkpfikcdkab
- ChatGPT Mods — Folder Voice Download & More Free Tools — jhohjhmbiakpgedidneeloaoloadlbdj
- ChatGPT pin chat, bookmark — ChatGPT Mods — kefnabicobeigajdngijnnjmljehknjl
- ChatGPT Prompt Manager, Folder, Library, Auto Send — ChatGPT Mods — ioaeacncbhpmlkediaagefiegegknglc
- ChatGPT prompt optimization — ChatGPT Mods — mmjmcfaejolfbenlplfoihnobnggljij
- ChatGPT search history, locate specific messages — ChatGPT Mods — ipjgfhcjeckaibnohigmbcaonfcjepmb
- ChatGPT Timestamp Display — ChatGPT Mods — afjenpabhpfodjpncbiiahbknnghabdc
- ChatGPT Token counter — ChatGPT Mods — hfdpdgblphooommgcjdnnmhpglleaafj
- ChatGPT model switch, save advanced model uses — ChatGPT Mods — pfgbcfaiglkcoclichlojeaklcfboieh
- ChatGPT voice download, TTS download — ChatGPT Mods — območbankihdfckkbfnoglefmdgmblcld (original: obdobankihdfckkbfnoglefmdgmblcld)
- Collapsed message — ChatGPT Mods — lechagcebaneoafonkbfkljmbmaaoaec
- Multi-Profile Management & Switching — ChatGPT Mods — nhnfaiiobkpbenbbiblmgncgokeknnno
- Search with ChatGPT — ChatGPT Mods — hpcejjllhbalkcmdikecfngkepppoknd