Chrome Extensions’ Critical Flaws Let Attackers Easily

Overview

Security researchers at Rebora Security have uncovered two critical vulnerabilities — Spyder and MaXSS — in popular Chrome extensions SiderAI and MaxAI, exposing over 10 million users to potential browser compromise. These AI‑powered “agentic side panel” tools, designed to enhance browsing through automation and summaries, have become gateways for attackers to hijack browser sessions and steal sensitive data.

Vulnerability Breakdown

| Extension | Vulnerability Name | Impact                                                    | Risk Level |
|-----------|--------------------|-----------------------------------------------------------|------------|
| SiderAI   | Spyder             | Simulated clicks and keystrokes → AI data leak            | Critical   |
| MaxAI     | MaXSS              | Privileged actions via crafted messages → session takeover | Critical   |

Both flaws stem from insecure communication between web pages and extension content scripts. A content script is meant to be a controlled bridge between an untrusted web page and the extension's privileged logic; in both extensions it accepted messages from the page without validating them, so a malicious site could trigger privileged actions.

Attack Scenarios

In the case of MaxAI, attackers could send crafted messages to the extension’s content script, which then forwarded them to the background process without verification. This enabled:

  • Hidden tab creation and screenshot capture.
  • Account interaction on services like Gmail and Google Calendar.
  • Sensitive data exfiltration without user awareness.

For SiderAI, the Spyder flaw allowed attackers to simulate user actions across embedded sessions — opening services like Google Gemini and extracting private AI conversation data. This represents a complete breakdown of browser trust boundaries.
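The relay pattern behind the MaXSS scenario, shown as an added example (not code from SiderAI, MaxAI or the researchers): a content script that forwards whatever the page posts via window.postMessage, beside a hardened version that checks the sender window, the origin and the message shape before forwarding. The origin allow-list, the action name and the sendToBackground callback (standing in for chrome.runtime.sendMessage) are assumptions so the code runs under Node.

```javascript
// Added example: vulnerable vs. hardened page-to-extension message relay.
// sendToBackground stands in for chrome.runtime.sendMessage (assumption).

// Vulnerable relay: forwards anything the page posts, so any site the user
// visits can drive the privileged background context.
function vulnerableRelay(event, sendToBackground) {
  sendToBackground(event.data);
  return true;
}

// Hardened relay: only same-window messages from an allow-listed origin with a
// known action and a bounded string payload are forwarded, and the message is
// rebuilt rather than passed through. Both lists are assumed values.
const ALLOWED_ORIGINS = new Set(["https://app.example-extension.test"]);
const ALLOWED_ACTIONS = new Set(["summarizeSelection"]);

function hardenedRelay(event, sendToBackground, pageWindow) {
  if (event.source !== pageWindow) return false;        // not posted by this page
  if (!ALLOWED_ORIGINS.has(event.origin)) return false;  // untrusted site
  const msg = event.data;
  if (!msg || typeof msg !== "object") return false;
  if (!ALLOWED_ACTIONS.has(msg.action)) return false;    // no arbitrary actions
  if (typeof msg.text !== "string" || msg.text.length > 4096) return false;
  sendToBackground({ action: msg.action, text: msg.text });
  return true;
}

// Constructed events: a hostile page requesting a privileged action, and a
// benign request from the allow-listed origin.
const pageWindow = {};
const hostileEvent = {
  source: pageWindow,
  origin: "https://evil.example.test",
  data: { action: "privilegedAction", target: "https://mail.example.test" },
};
const benignEvent = {
  source: pageWindow,
  origin: "https://app.example-extension.test",
  data: { action: "summarizeSelection", text: "hello" },
};

// Runs both relays against the constructed events and reports what reached
// the background.
function demo() {
  const forwarded = [];
  const sink = (m) => forwarded.push(m);
  return {
    vulnerableForwardsHostile: vulnerableRelay(hostileEvent, sink),
    hardenedBlocksHostile: !hardenedRelay(hostileEvent, sink, pageWindow),
    hardenedAllowsBenign: hardenedRelay(benignEvent, sink, pageWindow),
    forwarded,
  };
}
```

The same checks apply when auditing an extension: a content script whose message listener lacks a source and origin check, or that forwards event.data unchanged, is the pattern to flag.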

Impact and Scale

Attackers can read emails, steal authentication tokens, manipulate documents, and execute actions on behalf of users across virtually any website. In some cases, extension permissions even grant access to local files on the underlying operating system.

Most concerning is that no user interaction is required beyond visiting a malicious webpage — making the attack vector stealthy and highly scalable.

Defensive Recommendations

Security experts advise users to:

  • Remove SiderAI and MaxAI immediately from Chrome and compatible browsers.
  • Audit installed extensions for unverified AI‑powered tools.
  • Restrict extension permissions to minimize data access.
  • Monitor browser sessions for unexpected tab openings or background actions.
  • Enable site isolation and sandboxing to reduce cross‑site attack impact.

Expert in the Cloud Insight

The SiderAI and MaxAI incidents highlight a new frontier in cybersecurity — AI‑integrated browser extensions as attack surfaces. As AI tools become embedded in everyday workflows, endpoint security must extend beyond traditional antivirus and network defense to include browser extension auditing.

For security leaders, this is a wake‑up call: browser trust is fragile. Every extension with AI capabilities should be treated as a potential endpoint agent — subject to the same scrutiny as enterprise applications.
