
"The tools were designed to intercept users' ChatGPT session authentication tokens and send them to a remote server, but they don't exploit ChatGPT vulnerabilities to do so. Instead, they inject a content script into chatgpt.com and execute it in the MAIN JavaScript world. The script monitors outbound requests initialized by the web application, to identify and extract authorization headers and send them to a second content script, which exfiltrates them to the remote server."
"'This approach allows the extension operator to authenticate to ChatGPT services using the victim's active session and obtain all users' history chats and connectors,' LayerX notes. The cybersecurity company explains that the content scripts in the MAIN JavaScript world enable the attacker to interact directly with the page's native runtime, instead of relying on the browser's content-script environment. The analyzed extensions were also seen exfiltrating extension metadata, usage telemetry and event data, and access tokens issued by the backend and used by the extension service."
"Marketed as ChatGPT enhancement and productivity tools, the extensions have a combined download count of over 900, and they were still available through the official marketplaces as of January 26, LayerX says."
Sixteen malicious browser extensions published to the Chrome and Edge stores were designed to steal users' ChatGPT session authentication tokens and data. Fifteen appeared on the Chrome Web Store and one on the Microsoft Edge Add-ons marketplace; their combined downloads exceeded 900, and they were still available as of January 26. The extensions inject a content script into chatgpt.com and execute it in the MAIN JavaScript world, where it monitors the page's outbound requests, picks out authorization headers, and hands them to a second content script that exfiltrates them to a remote server. With a stolen token the operator can authenticate to ChatGPT services as the victim's active session and read chat histories and connectors. The extensions also exfiltrated extension metadata, usage telemetry, event data, and backend-issued access tokens, giving the operator a persistent way to identify victims and long-lived third-party access to their accounts.
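The concrete indicator a defender can act on is that a content script declared to run in the MAIN world on chatgpt.com is visible in the extension's manifest before any code executes. The following script, added here as an illustration and not code from LayerX or SecurityWeek, audits unpacked extension directories for that indicator. It assumes the Manifest V3 `content_scripts` schema (the `matches`, `js` and optional `world` keys, with `world` defaulting to `ISOLATED`); the sample manifests and extension names are constructed.

```python
"""Audit unpacked browser extensions for MAIN-world content scripts on chatgpt.com.

Added illustration, not LayerX's or SecurityWeek's code. Assumes the Manifest V3
"content_scripts" schema: each entry has "matches" (URL match patterns), "js",
and an optional "world" that is "ISOLATED" (default) or "MAIN".
"""
import json
from pathlib import Path

# Hosts to watch; the reported extensions injected into chatgpt.com.
WATCHED_HOSTS = ("chatgpt.com",)


def pattern_matches_host(pattern: str, host: str) -> bool:
    """Return True if a Chrome match pattern covers `host`.

    Handles "<all_urls>", the wildcard host "*", and subdomain wildcards
    such as "*.chatgpt.com" (which also covers the bare domain).
    """
    if pattern == "<all_urls>":
        return True
    if "://" not in pattern:
        return False
    pattern_host = pattern.split("://", 1)[1].split("/", 1)[0]
    if pattern_host == "*":
        return True
    if pattern_host.startswith("*."):
        base = pattern_host[2:]
        return host == base or host.endswith("." + base)
    return host == pattern_host


def audit_manifest(manifest: dict) -> list[dict]:
    """Return findings for content scripts declared on watched hosts."""
    findings = []
    per_host_count = {h: 0 for h in WATCHED_HOSTS}
    for index, script in enumerate(manifest.get("content_scripts", [])):
        patterns = script.get("matches", [])
        hit_hosts = [h for h in WATCHED_HOSTS
                     if any(pattern_matches_host(p, h) for p in patterns)]
        if not hit_hosts:
            continue
        for h in hit_hosts:
            per_host_count[h] += 1
        # MAIN-world scripts share the page's runtime, so they can observe the
        # page's own requests, including their Authorization headers.
        if str(script.get("world", "ISOLATED")).upper() == "MAIN":
            findings.append({
                "severity": "high",
                "script_index": index,
                "hosts": hit_hosts,
                "reason": "content script runs in the MAIN world on a watched host",
            })
    # The reported extensions used a second content script to relay the stolen
    # headers; several scripts on one watched host deserve a closer look.
    for host, count in per_host_count.items():
        if count >= 2:
            findings.append({
                "severity": "medium",
                "script_index": None,
                "hosts": [host],
                "reason": f"{count} content scripts declared for {host}",
            })
    return findings


def audit_extension_dir(root: Path) -> dict[str, list[dict]]:
    """Audit every manifest.json under `root` (e.g. a browser profile's Extensions/)."""
    results = {}
    for manifest_path in root.rglob("manifest.json"):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or not JSON; skip rather than abort the sweep
        findings = audit_manifest(manifest)
        if findings:
            results[str(manifest_path.parent)] = findings
    return results


# Constructed sample manifests (not real extensions).
BENIGN_MANIFEST = {
    "manifest_version": 3,
    "name": "Example Note Taker",
    "content_scripts": [
        {"matches": ["https://chatgpt.com/*"], "js": ["ui.js"]},  # default ISOLATED world
    ],
}

SUSPICIOUS_MANIFEST = {
    "manifest_version": 3,
    "name": "Example Productivity Helper",
    "content_scripts": [
        {"matches": ["https://*.chatgpt.com/*"], "js": ["hook.js"], "world": "MAIN"},
        {"matches": ["https://chatgpt.com/*"], "js": ["relay.js"]},
    ],
}

if __name__ == "__main__":
    for name, manifest in (("benign", BENIGN_MANIFEST), ("suspicious", SUSPICIOUS_MANIFEST)):
        print(name, json.dumps(audit_manifest(manifest), indent=2))
```

A MAIN-world script on chatgpt.com is not proof of malice (some legitimate tools need it), so treat the high finding as a triage signal: read the listed `js` files and check where any captured data is sent. Run `audit_extension_dir` against a copy of the profile's Extensions directory rather than the live one.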
Read at SecurityWeek