AI Chrome Extensions SiderAI and MaxAI Expose 10M Users
Spyder and MaXSS vulnerabilities in popular AI browser extensions allow full session hijacking. Exploitation requires only visiting a malicious webpage.
Two AI-powered Chrome extensions with over 10 million combined installations contain vulnerabilities that let attackers fully compromise browser sessions. Researchers at Rebora Security discovered the flaws, dubbed Spyder and MaXSS, affecting SiderAI (a top-25 Chrome Web Store extension) and MaxAI.
Exploitation requires no user interaction beyond visiting a malicious webpage. The extension developers did not respond to disclosure attempts.
How the Attacks Work
Both vulnerabilities target the "agentic side panel" functionality that lets these AI assistants interact with browser content and user accounts.
MaxAI (MaXSS vulnerability): Malicious websites can send crafted messages to the extension's content script, which forwards them to background processes without verification. This allows attackers to:
- Open hidden browser tabs
- Capture screenshots
- Access user accounts across any logged-in service
- Read and modify documents
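The missing verification step described above, as an added example that is not code from MaxAI, SiderAI or Rebora Security: assuming the page-to-extension channel is `window.postMessage`, this hypothetical content-script validator shows the checks whose absence lets any site reach the background (pinning the sender window and origin, allowlisting message types, rebuilding the message before forwarding). The origin, message types and size limit are placeholders.

```javascript
// Hypothetical content-script relay guard (added example, not the extensions' code).
//
// The pattern the article describes, with no verification at all:
//   window.addEventListener("message", (e) => chrome.runtime.sendMessage(e.data));
// Every site the content script runs on can then send commands to the background.

// Placeholder vendor origin: only the vendor's own web app may talk to the extension.
const TRUSTED_ORIGIN = "https://app.vendor-placeholder.test";
// Placeholder allowlist: the background treats anything else as unknown and drops it.
const ALLOWED_TYPES = new Set(["sidepanel/open", "sidepanel/query"]);
const MAX_PAYLOAD = 4096;

// Returns a rebuilt message to forward, or null if the event must be dropped.
function vetPageMessage(event, pageWindow, trustedOrigin = TRUSTED_ORIGIN) {
  // 1. Accept only messages posted by the top-level page window, not by iframes
  //    or other windows that can also reach this listener.
  if (event.source !== pageWindow) return null;
  // 2. Pin the origin. The content script is injected into every site, so a
  //    same-origin check is meaningless; only the vendor's origin is trusted.
  if (event.origin !== trustedOrigin) return null;
  // 3. Require a structured message with an allowlisted type and a bounded payload.
  const data = event.data;
  if (typeof data !== "object" || data === null) return null;
  if (!ALLOWED_TYPES.has(data.type)) return null;
  if (typeof data.payload !== "string" || data.payload.length > MAX_PAYLOAD) return null;
  // 4. Rebuild the message instead of forwarding the page's object, so extra
  //    properties the page attached never reach the background.
  return { type: data.type, payload: data.payload };
}

// Wiring inside an extension (chrome.* only exists in the extension context):
// window.addEventListener("message", (e) => {
//   const msg = vetPageMessage(e, window);
//   if (msg !== null) chrome.runtime.sendMessage(msg);
// });
```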
SiderAI (Spyder vulnerability): Attackers can simulate user interactions like clicks and keystrokes within the extension's embedded web sessions. This enables:
- Silently launching services like Google Gemini
- Extracting private conversation data
- Accessing email content
- Manipulating local files
The attacks are stealthy. Users see no indication that their browser has been compromised while visiting what appears to be a normal website.
Why AI Extensions Are Uniquely Risky
AI browser assistants require broad permissions to function. They need to read page content, access user sessions, and interact with services on the user's behalf. Those same permissions make them devastating attack vectors when compromised.
Traditional extensions might steal data from the sites they have permission to access. AI assistants often have cross-site access and can perform actions across multiple services simultaneously. A compromised AI extension is effectively a compromised browser.
We've seen similar risks with JetBrains plugins where AI functionality created new attack surfaces. The pattern will continue as AI integration spreads across developer tools and productivity software.
Vendor Non-Response
Rebora researchers reported the vulnerabilities through standard disclosure channels. Neither SiderAI nor MaxAI developers responded. Given the severity, researchers publicly disclosed their findings and notified Google directly.
As of publication, both extensions remain available on the Chrome Web Store with no indication they've been patched. Users should assume these extensions are compromised until vendors confirm fixes.
Recommendations
- Remove these extensions immediately. The risk isn't theoretical. Any malicious website can exploit these flaws.
- Audit your extension list. Many users accumulate extensions without regular review. Check what you have installed and what permissions each extension holds.
- Prefer extensions with limited scopes. Extensions requesting access to "all sites" should require strong justification. AI assistants often request these broad permissions by default.
- Consider browser profiles. Isolate sensitive activities (banking, corporate access) in browser profiles without extensions installed.
- Watch for behavioral changes. If your browser starts opening unexpected tabs or you notice unusual account activity, extension compromise should be on your diagnostic list.
The broader lesson: installing an extension means trusting that developer with significant access to your digital life. The AI gold rush has flooded extension marketplaces with hastily-built tools that prioritize features over security. For guidance on evaluating software safety, see our online safety tips.