Security researchers have identified critical vulnerabilities in two widely used Chrome extensions, SiderAI and MaxAI, which collectively have over 10 million installations. These flaws could allow attackers to fully compromise browser sessions and access sensitive user data.
The vulnerabilities, named “Spyder” and “MaXSS,” were discovered by Rebora Security in AI-powered extensions designed to enhance browsing through AI-driven summaries and automation. Notably, SiderAI ranks among the top 25 extensions on the Chrome Web Store, highlighting the scale of potential exposure.
Technical Details of the Vulnerabilities
In Chrome extensions, content scripts run inside the web page and act as intermediaries between the page and the extension's privileged background context. Because a page can post arbitrary messages to a content script, the script must validate the source, origin and shape of every message before relaying it to the background. Neither SiderAI nor MaxAI performed adequate validation at this boundary.
In the case of MaxAI, malicious websites could send crafted messages to the extension’s content script, which would then forward them to the background process without proper verification. This flaw allowed attackers to perform privileged actions such as opening hidden tabs, capturing screenshots, and interacting with user accounts. Demonstrations showed that attackers could access Gmail and Google Calendar sessions, extracting sensitive information without user awareness.
Similarly, the “Spyder” vulnerability in SiderAI enabled attackers to simulate user interactions like clicks and keystrokes across embedded web sessions. Exploiting this capability, a malicious site could silently open services like Google Gemini, extract private AI conversation data, and leak it externally. This represents a severe breakdown of browser trust boundaries.
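The message-relay weakness described above is easiest to see in code. The following is an added example, not code from the article or from the SiderAI or MaxAI extensions: it models a content-script bridge that relays page messages to the background context, first in the unchecked form the article describes and then in a hardened form that validates source, origin and action before forwarding a freshly built payload. All action names, origins and the `sendToBackground` callback are constructed assumptions; the only real API referenced is `chrome.runtime.sendMessage`, mentioned in a comment for how the listener would be wired in a real extension.

```javascript
// Added example (not the article's or either extension's code). Models the
// content-script "bridge" pattern: a listener for window.postMessage events that
// relays them to the extension's background context. Names are constructed.

// Actions the background is prepared to run on a page's behalf (constructed).
const ALLOWED_ACTIONS = new Set(["summarize-selection", "get-settings"]);

// Page origins allowed to talk to the bridge at all (constructed placeholder).
const TRUSTED_ORIGINS = new Set(["https://app.example-extension.test"]);

// Insecure bridge: whatever the page posts is relayed as-is. The background then
// receives attacker-chosen messages and, if it acts on them, the page effectively
// inherits the extension's privileges.
function insecureBridge(event, sendToBackground) {
  sendToBackground(event.data);
  return { forwarded: true, reason: "unchecked" };
}

// Hardened bridge: the message must come from this frame's own window, from an
// allow-listed origin, and carry a well-formed, allow-listed action. Only a
// freshly constructed payload (never the page's own object) reaches the background,
// so extra fields a page tries to smuggle through are dropped.
function hardenedBridge(event, ownWindow, sendToBackground) {
  if (event.source !== ownWindow) {
    return { forwarded: false, reason: "foreign-source" };
  }
  if (!TRUSTED_ORIGINS.has(event.origin)) {
    return { forwarded: false, reason: "untrusted-origin" };
  }
  const msg = event.data;
  if (typeof msg !== "object" || msg === null || typeof msg.action !== "string") {
    return { forwarded: false, reason: "malformed" };
  }
  if (!ALLOWED_ACTIONS.has(msg.action)) {
    return { forwarded: false, reason: "action-not-allowed" };
  }
  const payload = {
    action: msg.action,
    text: typeof msg.text === "string" ? msg.text.slice(0, 10000) : "",
  };
  sendToBackground(payload);
  return { forwarded: true, reason: "ok" };
}

// Runs both bridges over constructed postMessage-style events and returns what
// each background "saw". In a real extension the listener would be installed as:
//   window.addEventListener("message", (e) =>
//     hardenedBridge(e, window, (m) => chrome.runtime.sendMessage(m)));
function runDemo() {
  const ownWindow = {};   // stands in for the frame's own window object
  const otherWindow = {}; // a different frame or window
  const trusted = "https://app.example-extension.test";
  const events = [
    // An arbitrary site asks for a privileged action.
    { source: ownWindow, origin: "https://attacker.example", data: { action: "capture-tab" } },
    // Trusted origin, but the message came from another frame.
    { source: otherWindow, origin: trusted, data: { action: "get-settings" } },
    // Trusted origin and own frame, but an action that is not allow-listed.
    { source: ownWindow, origin: trusted, data: { action: "capture-tab" } },
    // Legitimate request carrying an extra field the page hopes will pass through.
    { source: ownWindow, origin: trusted, data: { action: "summarize-selection", text: "hello", tabId: 42 } },
    // Garbage payload.
    { source: ownWindow, origin: trusted, data: "not an object" },
  ];
  const insecureSeen = [];
  const hardenedSeen = [];
  const hardenedResults = events.map((e) => {
    insecureBridge(e, (m) => insecureSeen.push(m));
    return hardenedBridge(e, ownWindow, (m) => hardenedSeen.push(m)).reason;
  });
  return { insecureSeen, hardenedSeen, hardenedResults };
}
```

Running `runDemo()` shows the insecure bridge forwarding all five messages, including the attacker's request for a privileged action, while the hardened bridge forwards exactly one, with the smuggled `tabId` stripped. The background side should apply the same allow-list independently rather than trusting the content script, since the content script shares a process with the page.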
Potential Impact and Recommendations
The implications of these vulnerabilities are extensive. Attackers could read emails, steal authentication tokens, manipulate documents, and execute actions on behalf of the user across virtually any website. In some cases, the permissions granted to these extensions could even allow access to local files on the underlying operating system.
One of the most concerning aspects is that exploitation requires no user interaction beyond visiting a malicious webpage, making the attack vector both stealthy and highly scalable.
Rebora Security reported the issues to the extension vendors but received no response. Due to the severity, the findings were publicly disclosed, and Google, as the operator of the Chrome Web Store, was also notified.
Users are strongly advised to check whether SiderAI or MaxAI is installed in their browsers and to remove them immediately if present. This incident underscores the growing risks associated with AI-integrated browser extensions and highlights the importance of rigorous security practices in extension development.
As browser extensions become more sophisticated, integrating advanced functionalities like AI, the attack surface for potential exploits expands. This case serves as a stark reminder for developers to prioritize security in the design and implementation of extensions. For users, it emphasizes the need for vigilance when installing and maintaining browser add-ons, especially those requiring extensive permissions.