Critical Flaws in SiderAI and MaxAI Chrome Extensions Expose Millions to Browser Hijacking

 

Over ten million people might face major online threats following the discovery of severe weaknesses in two common AI-based Chrome add-ons, SiderAI and MaxAI. Though designed to assist with summaries and automated tasks, these tools were found to carry dangerous bugs, dubbed “Spyder” and “MaXSS”, by analysts at Rebora Security during a routine check of such software. Once exploited, either flaw lets unauthorized parties hijack active browsing sessions.

Information saved on sites, along with files on personal devices, may become reachable without permission. The add-ons are built for convenience through side panels and smart responses, and their broad adoption across Chromium-based browsers amplifies how far harm could spread: SiderAI is one of the leading tools on the Chrome Web Store and sits in the top quarter of all extensions by popularity. Despite appearing helpful, the underlying structure allows invasive access when misused.

A recent analysis revealed flaws in how SiderAI and MaxAI managed data flow between websites and the extensions' internal components, especially their content scripts. These scripts should serve as controlled messengers that keep site code apart from backend logic, but in practice the boundary blurred: messages sent by web pages were accepted without sufficient checks, and because verification steps were missing, untrusted input could move deeper into the system than intended.

A flaw in MaxAI allowed harmful sites to transmit manipulated data directly to its content script. Though meant only to relay information, the content script passed these messages onward to the background process with little checking. Because of this gap, unauthorized parties gained access to powerful functions: hidden tabs were opened without warning, screenshots were captured, and interactions with sites took place, all while riding on logged-in accounts. Security weakened because trust was misplaced across internal components. In testing, researchers gained entry to live Gmail and Google Calendar sessions and pulled confidential data while leaving no trace.
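One way to close the gap described above, shown as an added example that is not code from SiderAI, MaxAI or Rebora Security: a content-script relay without and with validation, plus a background-side re-check. The origin, message types and function names are hypothetical, and events are passed in as plain objects so the logic can run outside a browser.

```javascript
// Added example. Origins, message types and function names are hypothetical.
const TRUSTED_ORIGINS = new Set(["https://app.extension-vendor.example"]);

// Allowlist: message type -> function returning a sanitized payload or null.
// Privileged actions (opening tabs, screenshots) are deliberately absent.
const PAGE_MESSAGES = new Map([
  ["SUMMARIZE_SELECTION", (p) =>
    typeof p.text === "string" && p.text.length <= 20000 ? { text: p.text } : null],
  ["GET_THEME", () => ({})],
]);

// Weak form: whatever the page posted reaches the background process.
function naiveRelay(event, sendToBackground) {
  sendToBackground(event.data);
}

// Hardened form: returns the message that was forwarded, or null if dropped.
function hardenedRelay(event, ownWindow, sendToBackground) {
  if (event.source !== ownWindow) return null;          // not this page's own window
  if (!TRUSTED_ORIGINS.has(event.origin)) return null;  // exact-match origin check
  const data = event.data;
  if (data === null || typeof data !== "object") return null;
  const sanitize = PAGE_MESSAGES.get(data.type);
  if (!sanitize) return null;                           // unknown or privileged type
  const payload = data.payload;
  if (payload === null || typeof payload !== "object") return null;
  const clean = sanitize(payload);                      // keeps only expected fields
  if (clean === null) return null;
  const message = { type: data.type, payload: clean };
  sendToBackground(message);
  return message;
}

// Background side: the relay is not trusted either. Re-check the type and the
// browser-supplied sender (id and origin) before acting on a message.
function backgroundAccepts(message, sender, extensionId) {
  return sender.id === extensionId &&
    TRUSTED_ORIGINS.has(sender.origin) &&
    PAGE_MESSAGES.has(message.type);
}
```

In a real content script, `hardenedRelay` would be called from a `window` `message` listener with `window` as `ownWindow` and `chrome.runtime.sendMessage` as the sender function.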

What made the Spyder vulnerability in SiderAI alarming was its ability to mimic real user behavior, such as clicks and typing, within integrated browser windows. A compromised site using this loophole might load Google Gemini unseen, harvest ongoing AI dialogues, then send them outward. Detection during such an event remained unlikely.

The consequences of these flaws go well past messages or chat tools. Through them, attackers might grab login codes, see private correspondence, and change files while acting as the victim on many sites. Sometimes, the broad access given to such add-ons lets intruders reach data saved directly on a person's device. What stands out most is how little effort an attacker needs: a visit to a harmful webpage is enough to trigger the flaw. Because of this low barrier, threats can spread fast without clear signs.

After uncovering the problem, Rebora Security reached out to the creators of the affected tools; silence followed. With no reply, the details were eventually published online, and a heads-up also went to Google. Users who have SiderAI or MaxAI installed in their browser should remove it urgently.

This case draws attention to the rising risks tied to artificial intelligence add-ons, especially those collecting sensitive online behavior. When apps gain deep access to personal information, careful review of their privileges becomes unavoidable. Security grows more complex as these tools spread across everyday browsing routines.

Neo AI Browser: How Norton’s AI-Driven Browser Aims to Change Everyday Web Use

 


Web browsers are increasingly evolving beyond basic internet access, and artificial intelligence is becoming a central part of that shift. Neo, an AI-powered browser developed by Norton, is designed to combine browsing, productivity tools, and security features within a single platform. The browser positions itself as a solution for users seeking efficiency, privacy control, and reduced online distractions.

Unlike traditional browsers that rely heavily on cloud-based data processing, Neo stores user information directly on the device. This includes browsing history, AI interactions, and saved preferences. By keeping this data local, the browser allows users to decide what information is retained, synchronized, or removed, addressing growing concerns around data exposure and third-party access.

Security is another core component of Neo’s design. The browser integrates threat protection technologies intended to identify and block phishing attempts, malicious websites, and other common online risks. These measures aim to provide a safer browsing environment, particularly for users who frequently navigate unfamiliar or high-risk websites.

Neo’s artificial intelligence features are embedded directly into the browsing experience. Users can highlight text on a webpage to receive simplified explanations or short summaries, which may help when reading technical, lengthy, or complex content. The browser also includes writing assistance tools that offer real-time grammar corrections and clarity suggestions, supporting everyday tasks such as emails, reports, and online forms.

Beyond text-based tools, Neo includes AI-assisted document handling and image-related features. These functions are designed to support content creation and basic processing tasks without requiring additional software. By consolidating these tools within the browser, Neo aims to reduce the need to switch between multiple applications during routine work.

To improve usability, Neo features a built-in ad blocker that limits intrusive advertising. Reducing ads not only minimizes visual distractions but can also improve page loading speeds. This approach aims to provide a smoother and more focused browsing experience for both professional and casual use.

Tab management is another area where Neo applies automation. Open tabs are grouped based on content type, helping users manage multiple webpages more efficiently. The browser also remembers frequently visited sites and ongoing tasks, allowing users to resume activity without manually reorganizing their workspace.

Customization plays a role in Neo’s appeal. Users can adjust the browser’s appearance, create shortcuts, and modify settings to better match their workflow. Neo also supports integration with external applications, enabling notifications and tool access without leaving the browser interface.

Overall, Neo reflects a broader trend toward AI-assisted browsing paired with stronger privacy controls. By combining local data storage, built-in security, productivity-focused AI tools, and performance optimization features, the browser presents an alternative approach to how users interact with the web. Whether it reshapes mainstream browsing habits remains to be seen, but it underlines how AI is steadily redefining everyday digital experiences.