Chrome Extensions’ Critical Flaws Let Attackers Easily Compromise Millions of Browsers
Cybersecurity NewsArchived Jun 19, 2026✓ Full text saved
Critical security flaws discovered in widely used Chrome extensions SiderAI and MaxAI are putting millions of users at risk, enabling attackers to fully compromise browser sessions and potentially access sensitive data across websites and local systems. Security researchers at Rebora Security uncovered vulnerabilities dubbed “Spyder” and “MaXSS” affecting AI-powered “agentic side panel” extensions. These tools, […] The post Chrome Extensions’ Critical Flaws Let Attackers Easily Compromise Millio
Full text archived locally
✦ AI Summary· Claude Sonnet
HomeChrome
Chrome Extensions’ Critical Flaws Let Attackers Easily Compromise Millions of Browsers
By Abinaya
June 19, 2026
Critical security flaws discovered in widely used Chrome extensions SiderAI and MaxAI are putting millions of users at risk, enabling attackers to fully compromise browser sessions and potentially access sensitive data across websites and local systems.
Security researchers at Rebora Security uncovered vulnerabilities dubbed “Spyder” and “MaXSS” affecting AI-powered “agentic side panel” extensions.
These tools, designed to enhance browsing through AI-driven summaries and automation, are installed on more than 10 million devices across Chrome-compatible browsers.
Notably, SiderAI ranks among the top 25 extensions on the Chrome Web Store, highlighting the scale of exposure.
The vulnerabilities stem from insecure handling of communication between web pages and the extension’s internal components, particularly content scripts.
Vulnerabilities in Chrome extensions
In Chrome extensions, content scripts act as intermediaries between websites and the extension’s background processes.
While they are supposed to enforce strict isolation, both SiderAI and MaxAI failed to validate inputs received from web pages properly.
In the case of MaxAI, researchers found that malicious websites could send crafted messages to the extension’s content script, which would then forward them to the background process without proper verification.
This effectively allowed attackers to execute privileged actions such as opening hidden tabs, capturing screenshots, and interacting with user accounts.
In a demonstrated attack scenario, researchers accessed Gmail and Google Calendar sessions and extracted sensitive information without user awareness.
Similarly, the Spyder vulnerability in SiderAI enabled attackers to simulate user interactions such as clicks and keystrokes across embedded web sessions.
By abusing this capability, a malicious site could silently open services like Google Gemini, extract private AI conversation data, and leak it externally. This represents a severe breakdown of browser trust boundaries.
The impact of these flaws is extensive. Attackers could read emails, steal authentication tokens, manipulate documents, and execute actions on behalf of the user across virtually any website.
In some cases, the permissions granted to these extensions could even allow access to local files on the underlying operating system.
One of the most concerning aspects is that exploitation requires no user interaction beyond visiting a malicious webpage. This makes the attack vector both stealthy and highly scalable.
Rebora researchers reported the issues to the extension vendors, but received no response. Due to the severity, the findings were publicly disclosed, and Google, as the operator of the Chrome Web Store, was also notified.
Users are strongly advised to verify whether SiderAI or MaxAI are installed in their browsers and remove them immediately if present.
The incident underscores growing risks associated with AI-integrated browser extensions. It highlights how endpoint security is becoming a critical battleground in the evolving threat landscape.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
Tags
cyber security
cyber security news
Copy URL
Linkedin
Twitter
ReddIt
Telegram
Abinayahttps://cybersecuritynews.com/
Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space.
Trending News
Hackers Abuse Steam Workshop Application Wallpapers to Hijack Active Steam Sessions
SecSuite – AI-powered Tool for OSINT, Web and API Security Testing
Palo Alto Warns of GlobalProtect VPN Vulnerability Actively Exploited in the Wild
Cisco SD-WAN vManage Vulnerability Exploited in Zero-Day Attacks
Node.js Fixes 12 Vulnerabilities, Including 2 High-Severity Authentication Bypasses
Latest News
Cyber Security News
Critical WordPress Plugin Vulnerability Exposes 1 Million Sites to File Deletion Attacks
Press Release
eFAQ Publishes Investigation Into Alleged Scam Activity and Coordinated Reputation Attacks
Cyber Security
Microsoft June 2026 Update Bug Exposes Recycle Bin Filenames in Deletion Dialog
AWS
HazyBeacon Weaponizes AWS Lambda Function URLs for Stealth Command-and-Control Relays
Cyber Security News
Hackers Abuse Third-Party Okendo Reviews Script to Spread SmartApeSG Malware Campaign