| Yeah parts of the article would still be as valid if this was about regular extensions. The main difference is that AI extension, by design, send the content of the pages you browse to a server. A malicious "calculator" extension could also send all the content to a server, and extension users don't really have an idea of what each extension is actually doing. So skip the "Malware posing as AI browser extension" section, it's same kind of security issues as a malware calculator extension. The legitimate AI extension's problems are more interesting. Article wastes a bit more time on other security issues you get from using AI LLM in general. Those apply whether you're using a browser extension or chat.openai.com directly. The valid point that applies to narrowly AI browser extension are: 1) it could send sensitive data you wouldn't have sent otherwise. Most people would know what they're doing when they explicitly paste the stuff on chat.openai.com. But when it's now automated via the extension DOM scraping, it's a bit harder to realize how much you're giving away. 2) And the hidden text prompt injection. That's interesting as now your attacker could be the website you browse, if you have configured too many plugins (Zapier plugin giving access to your email) These 2 parts of TFA are imo novel security issues that only exist with AI browser extension, and are interesting. |