{"id":232903,"date":"2026-03-10T03:20:38","date_gmt":"2026-03-10T08:20:38","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/03\/chrome-extension-turns-malicious-after-ownership-transfer-enabling-code-injection-and-data-theft"},"modified":"2026-03-10T03:20:38","modified_gmt":"2026-03-10T08:20:38","slug":"chrome-extension-turns-malicious-after-ownership-transfer-enabling-code-injection-and-data-theft","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/03\/chrome-extension-turns-malicious-after-ownership-transfer-enabling-code-injection-and-data-theft","title":{"rendered":"Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/chrome-extension-turns-malicious-after-ownership-transfer-enabling-code-injection-and-data-theft.jpg\"><\/a><\/p>\n<p>Interestingly, the original extension developer has <a href=\"https:\/\/chromewebstore.google.com\/detail\/radial-new-tab\/fogdlfdfpjlpmpmnmeepffaikefkacnc\" rel=\"noopener\" target=\"_blank\">published<\/a> <a href=\"https:\/\/chromewebstore.google.com\/detail\/reditop-%E2%80%93-scroll-to-top-f\/gddonialdhbldcdbnbloangmjnpcnhhd\" rel=\"noopener\" target=\"_blank\">several<\/a> <a href=\"https:\/\/chromewebstore.google.com\/detail\/audiomatch-youtube-audio\/mejaghdgnidejbeofmfhnogbniipdjge\" rel=\"noopener\" target=\"_blank\">other<\/a> <a href=\"https:\/\/chromewebstore.google.com\/detail\/sidewiki-%E2%80%93-sidebar-for-wi\/ofifhmaojnmphodmgkipjpjedgnhkbhl\" rel=\"noopener\" target=\"_blank\">extensions<\/a> under their name on the Chrome Web Store, and all of them have received a Featured badge. The developer also has an <a href=\"https:\/\/www.extensionhub.io\/akshayanu\" rel=\"noopener\" target=\"_blank\">account on ExtensionHub<\/a>, although no extensions are currently listed for sale. 
What\u2019s more, the individual has <a href=\"https:\/\/www.reddit.com\/r\/DomainsForSale\/comments\/1r710f3\/aiinfrastackcom_domain_for_sale_2500\/\" rel=\"noopener\" target=\"_blank\">attempted<\/a> to sell domains like \u201cAIInfraStack[.]com\u201d for $2,500, stating the \u201cstrong keyword domain\u201d is \u201crelevant for [sic] rapidly growing AI ecosystem.\u201d<\/p>\n<p>\u201cThis is the extension supply chain problem in a nutshell,\u201d Annex Security said. \u201cA \u2018Featured,\u2019 reviewed, functional extension changes hands, and the new owner pushes a weaponized update to every existing user.\u201d<\/p>\n<p>The disclosure comes as Microsoft warned of <a href=\"https:\/\/thehackernews.com\/2026\/01\/two-chrome-extensions-caught-stealing.html\" rel=\"noopener\" target=\"_blank\">malicious Chromium\u2011based browser extensions<\/a> that masquerade as legitimate AI assistant tools to harvest LLM chat histories and browsing data.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Interestingly, the original extension developer has published several other extensions under their name on the Chrome Web Store, and all of them have received a Featured badge. The developer also has an account on ExtensionHub, although no extensions are currently listed for sale. 
What\u2019s more, the individual has attempted to sell domains like \u201cAIInfraStack[.]com\u201d for [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,1492],"tags":[],"class_list":["post-232903","post","type-post","status-publish","format-standard","hentry","category-robotics-ai","category-security"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/232903","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=232903"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/232903\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=232903"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=232903"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=232903"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}