On June 20, 2026, Rebora Security revealed that two of Chrome’s most‑downloaded AI‑powered extensions—SiderAI and MaxAI—harbor severe security flaws that could let attackers hijack users’ browsing sessions. The weaknesses, dubbed "Spyder" in SiderAI and "MaXSS" in MaxAI, affect more than 10 million installations across Chrome and other Chromium‑based browsers.

SiderAI is a side‑panel assistant that brings models such as ChatGPT, Gemini, and Claude into the browser. MaxAI offers a similar sidebar and context‑menu interface for AI queries. Both extensions rank among the top 25 most popular on the Chrome Web Store, giving the flaws a vast attack surface.

The root cause lies in how the extensions handle data flow between web pages and their internal components. In a typical Chrome extension, content scripts run in the context of a web page and communicate with a background script that holds privileged permissions. The security model requires that messages from the page be validated before they reach the background process. Rebora’s analysis shows that SiderAI’s content script accepts messages without sufficient checks, allowing a malicious site to send crafted data that the background script would process as if it came from the extension itself. MaxAI’s background script, in turn, forwards unverified messages from its content script to privileged APIs, creating a similar path for exploitation.
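The validation the article describes as missing, as an added example (not code from SiderAI, MaxAI, or Rebora Security): a background-script handler that classifies each runtime message by the `sender.id` and `sender.tab` fields Chrome attaches to it, treats anything arriving from a content script as page-exposed, and dispatches privileged actions only when they come from the extension's own pages. The action names, the placeholder extension id and the fake `api` object are assumptions made for illustration; wiring into `chrome.runtime.onMessage` is left out so the block runs outside a browser.

```javascript
// Added example: validating inter-component messages in an extension background script.
// OWN_EXTENSION_ID, ACTIONS and the api object are hypothetical, constructed for this demo.
const OWN_EXTENSION_ID = "abcdefghijklmnopabcdefghijklmnop"; // constructed placeholder id

// Allowlist of actions the background script will perform, each with the minimum
// trust it needs. "extensionPage" means only pages packaged with the extension
// (side panel, popup); a content script running inside a web page never qualifies.
const ACTIONS = {
  summarizeSelection: { from: "contentScript", schema: { text: "string" } },
  captureVisibleTab:  { from: "extensionPage", schema: {} },
  openHiddenTab:      { from: "extensionPage", schema: { url: "string" } },
};

// sender.id is the sending extension's id; sender.tab is present when the message
// was sent by a content script injected into a tab (so it may carry page-controlled data).
function classifySender(sender) {
  if (!sender || sender.id !== OWN_EXTENSION_ID) return "foreign";
  return sender.tab ? "contentScript" : "extensionPage";
}

function validateRuntimeMessage(message, sender) {
  if (!message || typeof message.action !== "string") return { ok: false, reason: "malformed" };
  const rule = ACTIONS[message.action];
  if (!rule) return { ok: false, reason: "unknown-action" };
  const origin = classifySender(sender);
  if (origin === "foreign") return { ok: false, reason: "foreign-sender" };
  if (rule.from === "extensionPage" && origin !== "extensionPage") {
    return { ok: false, reason: "insufficient-trust" };
  }
  const payload = message.payload ?? {};
  // Enforce an exact schema: every required field has the right type, nothing extra.
  for (const [key, type] of Object.entries(rule.schema)) {
    if (typeof payload[key] !== type) return { ok: false, reason: `bad-field:${key}` };
  }
  for (const key of Object.keys(payload)) {
    if (!(key in rule.schema)) return { ok: false, reason: `unexpected-field:${key}` };
  }
  return { ok: true, action: message.action, payload };
}

// The pattern the article describes: forward whatever arrives straight to a privileged API.
function dispatchUnchecked(message, api) {
  return api[message.action](message.payload);
}

// Hardened pattern: validate sender, action and payload before touching any privileged API.
function dispatchChecked(message, sender, api) {
  const v = validateRuntimeMessage(message, sender);
  if (!v.ok) return { dispatched: false, reason: v.reason };
  return { dispatched: true, result: api[v.action](v.payload) };
}
```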

Once triggered, the flaws let an attacker create hidden tabs, capture screenshots, interact with logged‑in accounts, and read or modify data in Gmail, Google Calendar, and other services. The researchers demonstrated that they could access live Gmail and Calendar sessions without leaving a trace. Because the attack rides on normal browsing activity, visiting a single malicious web page is enough to activate the flaw.

Rebora Security reached out to the developers of SiderAI and MaxAI after discovering the issues. The developers did not respond, prompting the firm to publish the findings publicly while also notifying Google. Google’s response was not reported in the source material.

The discovery underscores the risks of AI‑based browser add‑ons that collect sensitive user data. The extensions’ design—blending AI assistance with direct access to web content—creates a high‑privilege environment that can be abused if the separation between page and background code is not strictly enforced.

Security experts recommend that users remove SiderAI or MaxAI from their browsers immediately. The extensions can be uninstalled through the browser’s extensions page. Users who rely on AI assistance should consider alternatives that have undergone independent security reviews.

The incident highlights the need for stricter scrutiny of browser extensions that handle personal data, especially those that integrate AI models. Chrome’s extension ecosystem currently hosts over 138 000 extensions, and the popularity of AI assistants is growing. As more developers add AI capabilities to browsers, the potential for similar vulnerabilities increases.

In the broader context, the findings add to a growing list of critical vulnerabilities in browser extensions that can lead to cross‑site scripting (XSS) and unauthorized data access. The security community is calling for better enforcement of content‑script isolation and mandatory validation of inter‑component messages in extension development.

No patches have been released by the extension developers. Users should monitor the Chrome Web Store and the extensions’ support channels for updates. Meanwhile, cybersecurity teams are advised to audit the permissions and data flows of any extensions that grant elevated browser privileges.

The situation remains fluid. If the developers respond or Google issues a mitigation, the risk profile may change. Until then, the most effective defense is to remove the vulnerable extensions and replace them with tools that have proven security practices.