Chrome Extensions Steal AI Chats; Android Dolby Codec Gets Critical Patch

Malicious Chrome Extensions Steal ChatGPT and DeepSeek AI Chats from 900,000 Users

• Two Chrome extensions, "ChatGPT for Google" and "Quick access for ChatGPT," were found actively stealing user data, including session tokens and chat histories, from ChatGPT and DeepSeek AI services.
• The extensions employed obfuscated JavaScript code to intercept API responses, effectively compromising over 900,000 users' sensitive information by collecting session cookies.
• Users are urged to review installed extensions, remove suspicious ones, and change credentials for affected AI services if these extensions were previously installed.

Source: The Hacker News | Date: January 05, 2026

Google Patches Critical Dolby Decoder Vulnerability on Android Devices

• Google released security updates for Android devices addressing a critical Dolby Decoder vulnerability that could enable remote code execution via specially crafted audio files.
• This flaw, affecting devices utilizing Dolby codecs, posed a significant risk as it could allow attackers to execute arbitrary code on vulnerable Android systems.
• Users are advised to immediately install the January 2026 Android security updates to protect their devices from potential exploitation.

Source: Security Affairs | Date: January 05, 2026

References

1. Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users - The Hacker News
2. Critical Dolby Codec Vulnerability Exposes Android Devices to Code Execution Attacks - Cybersecurity News
3. Google fixes critical Dolby Decoder bug in Android January update - Security Affairs