AI is only increasing that threat, especially when it comes to tracking user data -- and some of your most commonly used apps are doing a lot of the scraping. New research from data removal service Incogni finds that more than half of a sample set of AI Chrome extensions collect user data. Almost a third are "gathering personally identifiable information (PII)."
There are a bunch of browser extensions that do this already (eg Redirect Path from Ayima is one I see a lot in screenshots, and CSP is very different from redirects, so I don't understand the connection). I don't recall a time when I ran into something like this causing SEO issues which weren't also visible to average users in their browsers.
The tools were designed to intercept users' ChatGPT session authentication tokens and send them to a remote server, but they don't exploit ChatGPT vulnerabilities to do so. Instead, they inject a content script into chatgpt.com and execute it in the MAIN JavaScript world. The script monitors outbound requests initialized by the web application, to identify and extract authorization headers and send them to a second content script, which exfiltrates them to the remote server.
