Rebora Security Research has disclosed serious vulnerabilities in two widely used AI browser extensions, SiderAI and MaxAI. Between them, the extensions are installed on more than ten million devices, so the exposed user base is large. The researchers named the flaws Spyder and MaXSS; both allow a malicious website to fully compromise the user's browser.
The Rise of Agentic Side Panels
AI-driven browser tools have become popular because they put an assistant one click away on any page. As the Rebora report puts it, “Agentic side panels aspire to enhance your browsing experience by leveraging AI.” To do this, the extensions inject their own code (content scripts) into the websites you visit, which is what lets you summarize a long article or ask a question about the page you are reading. That deep integration also creates a security boundary between untrusted web content and the privileged extension. When developers fail to enforce that boundary, every user of the extension becomes reachable from any web page.
Popular AI Tools Under Fire
SiderAI has more than ten million installations across browser platforms and appears in the Chrome Web Store's top charts. MaxAI has passed one million active users. Both tools depend on content scripts, which act as mediators between the web page being viewed and the extension's background process. The background process holds significant permissions over the browser, so any lapse in how the content script filters page-originated requests hands an attacker those permissions.
Unpacking the Dangerous MaXSS Flaw
The researchers found this mediator being abused in both extensions. In MaxAI, the issue is the MaXSS flaw: the content script accepts sensitive messages directly from any web page it is injected into, without sanitizing or validating them. An attacker-controlled page can therefore make the extension execute arbitrary commands, for example opening hidden browser tabs in the background or capturing screenshots of the user's email without consent. The missing input validation breaks the browser's fundamental security model, which assumes page content cannot drive extension privileges.
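The following is an added example, not code from SiderAI, MaxAI or the Rebora report. It models the mediator role the article describes: a content script receives `window.postMessage` events from the page and relays requests to the privileged background process. The vulnerable relay forwards everything, the hardened one checks the sender origin, validates the message shape, allowlists the command and rebuilds the message before forwarding. The message shape (`{ command, text }`), the origin and command allowlists, and the `sendToBackground` callback (standing in for `chrome.runtime.sendMessage` so the file runs outside a browser) are all assumptions made for illustration.

```javascript
// Added example, not code from SiderAI, MaxAI or the Rebora report.
// Models an extension content script acting as mediator between the page
// (window.postMessage) and the privileged background process. Message shape,
// origin allowlist and command allowlist are assumptions for illustration;
// sendToBackground stands in for chrome.runtime.sendMessage.

// Origins whose postMessage traffic the content script will honour (assumed value).
const TRUSTED_ORIGINS = new Set(["https://panel.example-extension.test"]);

// The only operations a web page may request (assumed values). Privileged
// actions such as opening tabs or capturing screenshots are deliberately
// absent: they must never be reachable from page-controlled input.
const ALLOWED_COMMANDS = new Set(["summarizeSelection", "askQuestion"]);
const MAX_TEXT_LENGTH = 20000;

// Vulnerable pattern, kept only for contrast: forwards whatever the page sent,
// so any site able to call window.postMessage drives the background process.
function relayUnchecked(event, sendToBackground) {
  sendToBackground(event.data);
  return { relayed: true, reason: "no checks performed" };
}

// Hardened pattern: check the sender, validate the shape, allowlist the command,
// and rebuild the message so unexpected fields never reach the background.
function relayChecked(event, sendToBackground) {
  if (!TRUSTED_ORIGINS.has(event.origin)) {
    return { relayed: false, reason: `untrusted origin ${event.origin}` };
  }
  const msg = event.data;
  if (typeof msg !== "object" || msg === null) {
    return { relayed: false, reason: "payload is not an object" };
  }
  if (typeof msg.command !== "string" || !ALLOWED_COMMANDS.has(msg.command)) {
    return { relayed: false, reason: `command not allowed: ${String(msg.command)}` };
  }
  if (typeof msg.text !== "string" || msg.text.length > MAX_TEXT_LENGTH) {
    return { relayed: false, reason: "text missing, not a string, or too long" };
  }
  // Reconstruct rather than pass through: only known fields survive.
  sendToBackground({ command: msg.command, text: msg.text });
  return { relayed: true, reason: "validated" };
}

// Background-side defence in depth: the background process re-checks the
// sender and the command allowlist before doing anything privileged.
function backgroundHandler(msg, sender, extensionId) {
  if (!sender || sender.id !== extensionId) {
    return { handled: false, reason: "sender is not this extension" };
  }
  if (!msg || !ALLOWED_COMMANDS.has(msg.command)) {
    return { handled: false, reason: "command not allowed" };
  }
  return { handled: true, command: msg.command };
}

// Constructed sample events: two benign requests and two attempts by a page
// to reach privileged functionality through the mediator.
const SAMPLE_EVENTS = [
  { origin: "https://panel.example-extension.test",
    data: { command: "summarizeSelection", text: "Quarterly report..." } },
  { origin: "https://panel.example-extension.test",
    data: { command: "askQuestion", text: "What is the deadline?", extra: "ignored" } },
  { origin: "https://attacker.example",
    data: { command: "openTab", url: "https://attacker.example/" } },
  { origin: "https://panel.example-extension.test",
    data: { command: "captureScreenshot" } },
];

// Runs every sample through both relays and reports what reached the background.
function runComparison(events = SAMPLE_EVENTS) {
  const unchecked = [];
  const checked = [];
  for (const ev of events) {
    relayUnchecked(ev, (m) => unchecked.push(m));
    relayChecked(ev, (m) => checked.push(m));
  }
  return { unchecked, checked };
}

if (typeof require !== "undefined" && require.main === module) {
  const { unchecked, checked } = runComparison();
  console.log(`unchecked relay forwarded ${unchecked.length} of ${SAMPLE_EVENTS.length} messages`);
  console.log(`checked relay forwarded ${checked.length}:`, checked);
}
```

Run with `node` to see the unchecked relay forward all four sample messages while the checked relay forwards only the two allowlisted requests, with the stray `extra` field dropped. The origin check alone is not enough, which is why the command allowlist and the reconstruction of the outgoing message are applied even to messages from a trusted origin.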
The Stealthy Spyder Exploit
SiderAI has a comparable vulnerability, named Spyder. The extension embeds arbitrary websites in order to produce quick AI summaries, and an attacker can synthesize input events that mimic genuine user actions, forcing invisible typing or clicking on any site connected through the extension. Using this, an attacker can dump a victim's private AI chat history and then quietly leak the shareable links to an external server. Because all of this happens in the background, the user has no indication that data was taken.
The Severe Impact on Everyday Users
Neither exploit requires any user interaction beyond visiting a compromised or malicious website; the attack sequence starts as soon as the page loads. The potential damage to individuals and organizations is correspondingly severe. The report warns, “Abusing these vulnerabilities allows attackers to compromise all browser sessions across any website, leading to the leakage of sensitive information, the invocation of arbitrary commands, and even account takeover.”
A Widespread and Growing Blast Radius
The researchers stress the scale of the exposure. The report notes, “The extensions are supported by every Chrome-like browser and are jointly installed across more than 10,000,000 devices.” The wider security community has been tracking similar architectural issues, such as CVE-2024-6778, CVE-2024-5836 and CVE-2025-31995, which point to the same systemic risk in complex browser integrations. At the time of writing, the vendors have not patched these vulnerabilities, and security experts advise users to remove SiderAI and MaxAI immediately and to audit the other browser extensions they have installed.