{"id":13756,"date":"2026-06-20T10:04:23","date_gmt":"2026-06-20T10:04:23","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/06\/20\/chrome-extensions-critical-flaws-let-attackers-easily-compromise-millions-of-browsers\/"},"modified":"2026-06-20T10:04:23","modified_gmt":"2026-06-20T10:04:23","slug":"chrome-extensions-critical-flaws-let-attackers-easily-compromise-millions-of-browsers","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/06\/20\/chrome-extensions-critical-flaws-let-attackers-easily-compromise-millions-of-browsers\/","title":{"rendered":"Chrome Extensions\u2019 Critical Flaws Let Attackers Easily Compromise Millions of Browsers"},"content":{"rendered":"<p>    Chrome Extensions\u2019 Critical Flaws Let Attackers Easily Compromise Millions of Browsers<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p class=\"wp-block-paragraph\">Critical security flaws discovered in widely used <a href=\"https:\/\/cybersecuritynews.com\/16-malicious-chrome-extensions-as-chatgpt-enhancements\/\" target=\"_blank\" rel=\"noreferrer noopener\">Chrome extensions<\/a> SiderAI and MaxAI are putting millions of users at risk, enabling attackers to fully compromise browser sessions and potentially access sensitive data across websites and local systems.<\/p>\n<p class=\"wp-block-paragraph\">Security researchers at Rebora Security uncovered vulnerabilities dubbed \u201cSpyder\u201d and \u201cMaXSS\u201d affecting AI-powered \u201cagentic side panel\u201d extensions.<\/p>\n<p class=\"wp-block-paragraph\">These tools, designed to enhance browsing through AI-driven summaries and automation, are installed on more than 10 million devices across Chrome-compatible browsers.<\/p>\n<p class=\"wp-block-paragraph\">Notably, SiderAI ranks among the top 25 extensions on the Chrome Web Store, highlighting the scale of exposure.<\/p>\n<p class=\"wp-block-paragraph\">The vulnerabilities stem from insecure handling of communication between web pages and the extension\u2019s internal components, particularly content scripts.<\/p>\n<h2 id=\"h-vulnerabilities-in-chrome-extensions\" class=\"wp-block-heading\"><strong>Vulnerabilities in Chrome extensions<\/strong><\/h2>\n<p class=\"wp-block-paragraph\">In Chrome extensions, content scripts act as intermediaries between websites and the extension\u2019s background processes.<\/p>\n<p class=\"wp-block-paragraph\">While they are supposed to enforce strict isolation, both SiderAI and MaxAI failed to validate inputs received from web pages properly.<\/p>\n<p class=\"wp-block-paragraph\">In the case of MaxAI, researchers found that <a href=\"https:\/\/cybersecuritynews.com\/openclaw-0-click-vulnerability\/\" target=\"_blank\" rel=\"noreferrer noopener\">malicious websites<\/a> could send crafted messages to the extension\u2019s content script, which would then forward them to the background process without proper verification.<\/p>\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\">\n<div class=\"wp-block-embed__wrapper\">\n<div class=\"youtube-embed\" data-video_id=\"0YpjtMvVOao\"><iframe loading=\"lazy\" title=\"MaXSS - MaxAI Chrome Extension Vulnerability\" width=\"696\" height=\"392\" src=\"https:\/\/www.youtube.com\/embed\/0YpjtMvVOao?feature=oembed&amp;enablejsapi=1\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/div>\n<\/div>\n<\/figure>\n<p class=\"wp-block-paragraph\">This effectively allowed attackers to execute privileged actions such as opening hidden tabs, capturing screenshots, and interacting with user accounts.<\/p>\n<p class=\"wp-block-paragraph\">In a demonstrated attack scenario, researchers accessed <a href=\"https:\/\/cybersecuritynews.com\/gemini-zero-click-vulnerability\/\" target=\"_blank\" rel=\"noreferrer noopener\">Gmail and Google Calendar sessions <\/a>and extracted sensitive information without user awareness.<\/p>\n<p class=\"wp-block-paragraph\">Similarly, the Spyder vulnerability in SiderAI enabled attackers to simulate user interactions such as clicks and keystrokes across embedded web sessions.<\/p>\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\">\n<div class=\"wp-block-embed__wrapper\">\n<div class=\"youtube-embed\" data-video_id=\"JWTjwKIXM88\"><iframe loading=\"lazy\" title=\"Spyder - SiderAI Chrome Extension Vulnerability\" width=\"696\" height=\"392\" src=\"https:\/\/www.youtube.com\/embed\/JWTjwKIXM88?start=11&amp;feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/div>\n<\/div>\n<\/figure>\n<p class=\"wp-block-paragraph\">By abusing this capability, a malicious site could silently open services like <a href=\"https:\/\/cybersecuritynews.com\/google-gemini-vulnerability-exploited\/\" target=\"_blank\" rel=\"noreferrer noopener\">Google Gemini,<\/a> extract private AI conversation data, and leak it externally. This represents a severe breakdown of browser trust boundaries.<\/p>\n<p class=\"wp-block-paragraph\">The impact of these flaws is extensive. Attackers could read emails, steal authentication tokens, manipulate documents, and execute actions on behalf of the user across virtually any website.<\/p>\n<p class=\"wp-block-paragraph\">In some cases, the permissions granted to these extensions could even allow access to local files on the underlying operating system.<\/p>\n<p class=\"wp-block-paragraph\">One of the most concerning aspects is that exploitation requires no user interaction beyond visiting a malicious webpage. This makes the attack vector both stealthy and highly scalable.<\/p>\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/rebora.io\/blog\/spyder-and-maxss-chrome-extension-vulnerabilities-put-millions-at-risk#maxai\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Rebora researchers reported the issues<\/a> to the extension vendors, but received no response. Due to the severity, the findings were publicly disclosed, and Google, as the operator of the Chrome Web Store, was also notified.<\/p>\n<p class=\"wp-block-paragraph\">Users are strongly advised to verify whether SiderAI or MaxAI are installed in their browsers and remove them immediately if present.<\/p>\n<p class=\"wp-block-paragraph\">The incident underscores growing risks associated with AI-integrated browser extensions. It highlights how endpoint security is becoming a critical battleground in the evolving threat landscape.<\/p>\n<p class=\"has-text-align-center has-background wp-block-paragraph\" style=\"background:linear-gradient(180deg,rgb(238,238,238) 91%,rgb(169,184,195) 100%)\"><strong>Follow us on\u00a0<a href=\"https:\/\/news.google.com\/publications\/CAAqMggKIixDQklTR3dnTWFoY0tGV041WW1WeWMyVmpkWEpwZEhsdVpYZHpMbU52YlNnQVAB?hl=en-IN&amp;gl=IN&amp;ceid=IN:en\" target=\"_blank\" rel=\"noreferrer noopener\">Google News<\/a>,\u00a0<a href=\"https:\/\/www.linkedin.com\/company\/cybersecurity-news\/\" target=\"_blank\" rel=\"noreferrer noopener\">LinkedIn<\/a>,\u00a0and\u00a0<a href=\"https:\/\/x.com\/cyber_press_org\" target=\"_blank\" rel=\"noreferrer noopener\">X<\/a>\u00a0to Get More Instant Updates.<\/strong><\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/chrome-extensions-critical-vulnerabilities\/\">Chrome Extensions\u2019 Critical Flaws Let Attackers Easily Compromise Millions of Browsers<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Abinaya<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/chrome-extensions-critical-vulnerabilities\/\">Go to cyber-security-news<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Chrome Extensions\u2019 Critical Flaws Let Attackers Easily Compromise Millions of Browsers Critical security flaws discovered in widely used Chrome extensions SiderAI and MaxAI are putting millions of users at risk, enabling attackers to fully compromise browser sessions and potentially access sensitive data across websites and local systems. Security researchers at Rebora Security uncovered vulnerabilities dubbed [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[768,129,63,648],"tags":[130],"class_list":["post-13756","post","type-post","status-publish","format-standard","hentry","category-chrome","category-cyber-security","category-cyber-security-news","category-vulnerability-news","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/13756"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=13756"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/13756\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=13756"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=13756"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=13756"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}