Published in Security Week, click here to read the entire article.
SquareX has shown how malicious browser extensions can impersonate AI sidebar interfaces.
Enterprise browser security firm SquareX has demonstrated how malicious browser extensions can impersonate AI sidebar interfaces for phishing and other nefarious purposes.
The attack method, named AI Sidebar Spoofing, has been demonstrated against Perplexity’s Comet and ChatGPT Atlas, OpenAI’s new web browser. However, SquareX contends this is a systemic flaw; not only AI browsers, but also Edge, Brave and Firefox, are susceptible.
AI sidebars are AI chat windows integrated into web browsers, typically displayed on the side of the screen, processing content on the current page or performing actions based on user prompts.
ChatGPT Atlas and Comet are dedicated AI browsers, but applications such as Edge and Chrome also integrate AI assistants powered by Copilot and Gemini. Firefox and Brave also have an AI sidebar, but they use third-party chatbots rather than having their own proprietary LLM.
SquareX researchers have shown how threat actors can spoof trusted AI sidebars in browsers by getting the targeted user to install a malicious browser extension. The extension can be created by the attacker from scratch and disguised as a harmless tool or it can be a legitimate extension that has been compromised and modified.
It’s worth noting that the malicious extension requires host and storage permissions, but the security firm pointed out that these are common permissions required by many popular extensions.
When the victim opens a new browser tab, the malicious extension injects JavaScript into the page to create a fake sidebar that is a perfect replica of the legitimate AI sidebar.