SiderAI, MaxAI Extensions Unpatched, 10M Users at Risk
Key insights
- Spyder (SiderAI, 10 million installs) lets any malicious webpage invisibly embed and gesture-control arbitrary sites to steal account data.
- MaXSS (MaxAI, 1 million installs) lets hostile webpages command the extension background to open tabs, screenshot, and steal authentication tokens.
- Both vendors failed to respond to disclosure attempts, leaving Rebora to publish without coordinated patches in place.
Why this matters
Browser extensions with millions of installs operate at maximum privilege within the browser, making a content-script trust failure a systemic risk across every authenticated site a user visits. Spyder and MaXSS demonstrate that AI-integrated extensions have introduced a cross-site attack surface that existing browser security models do not automatically prevent. With no patch available and both vendors non-responsive, users of SiderAI and MaxAI face live credential theft risk on Gmail, Google Calendar, Claude, and ChatGPT.
Summary
Two unpatched AI browser extensions expose over 10 million users to silent account takeover, with both vendors unreachable during responsible disclosure.
Rebora's Gal Weizman and Gal Bashan named the flaws Spyder (SiderAI, 10 million installs) and MaXSS (MaxAI, 1 million installs), both abusing the extension content-script layer to let hostile sites access Gmail, Google Calendar, ChatGPT, and Gemini accounts without user interaction.
Essentially, both vendors (SiderAI and MaxAI) built content scripts that forward webpage messages directly to the privileged extension background process, so a hostile page can issue commands that the background executes with the extension's permissions.
- Spyder embeds any site invisibly and simulates clicks and keystrokes on it.
- MaXSS commands MaxAI's background to open tabs, take screenshots, and steal authentication tokens.
- Rebora published after vendor contact failed; Google's security team was separately notified.
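The flaw class described above is a content script that relays page messages to the extension background without checking who sent them. The following is an added illustration, not code from Rebora's write-up or from either extension: a hypothetical relay in the vulnerable shape beside a hardened version that checks the sender origin, requires a structured message, and allowlists the command. The command names, origins and the recording stand-in for `chrome.runtime.sendMessage` are all constructed for the example.

```javascript
// Added example (not from the Rebora report or either vendor's code):
// a content-script relay in the shape the summary describes, beside a
// hardened form. Names and origins below are constructed.

// Hypothetical allowlist of commands the background accepts from pages.
const ALLOWED_COMMANDS = new Set(["summarize-selection"]);

// VULNERABLE pattern: every window "message" event is forwarded unchanged
// to the background. Any page (or iframe) that can post a message to the
// tab can therefore issue privileged commands in the extension's name.
function vulnerableRelay(sendToBackground, _allowedOrigin) {
  return (event) => {
    sendToBackground(event.data); // no origin check, no schema, no allowlist
    return true;
  };
}

// HARDENED pattern: reject messages from any origin other than the one
// the extension actually integrates with, insist on a structured message,
// allowlist the command, and forward only the fields the background needs.
function makeHardenedRelay(sendToBackground, allowedOrigin) {
  return (event) => {
    if (event.origin !== allowedOrigin) return false;
    const msg = event.data;
    if (typeof msg !== "object" || msg === null) return false;
    if (typeof msg.command !== "string" || !ALLOWED_COMMANDS.has(msg.command)) return false;
    const text = msg.text == null ? "" : String(msg.text).slice(0, 4000);
    sendToBackground({ command: msg.command, text }); // never the raw page object
    return true;
  };
}

// Constructed harness: replays three page messages through a relay and
// records what would have reached the background. In a real content
// script the relay is registered once, e.g.
//   window.addEventListener("message",
//     makeHardenedRelay(chrome.runtime.sendMessage, "https://app.example"));
function runScenario(makeRelay) {
  const forwarded = [];
  const relay = makeRelay((m) => forwarded.push(m), "https://app.example");
  const events = [
    // untrusted origin asking for a privileged action
    { origin: "https://untrusted.example", data: { command: "open-tab", url: "https://mail.google.com" } },
    // the one message shape the extension is meant to accept
    { origin: "https://app.example", data: { command: "summarize-selection", text: "hello" } },
    // untrusted origin sending an unstructured string
    { origin: "https://untrusted.example", data: "screenshot" },
  ];
  const accepted = events.map(relay);
  return { accepted, forwarded };
}

// Vulnerable relay forwards all three; hardened relay forwards only the second.
```

Run with `runScenario(vulnerableRelay)` and `runScenario(makeHardenedRelay)`: the first forwards every message, the second forwards exactly one sanitized object. The origin check alone is not sufficient if the integrated site itself can be compromised by XSS, which is why the allowlist and field-by-field copy are kept even for the trusted origin; the background should additionally validate `sender` before acting on any command.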
No patch exists for either extension as of the June 10, 2026 disclosure.
Potential risks and opportunities
Risks
- Users of SiderAI and MaxAI face live credential theft across Gmail, Google Calendar, Claude, ChatGPT, and Gemini accounts until patches are released or extensions removed.
- SiderAI and MaxAI face reputational and regulatory exposure as AI extension vendors whose products left over 10 million users vulnerable with no documented patch response.
- Google faces pressure to strengthen Chrome Web Store content-script vetting; both extensions also cleared Edge store review with these flaws intact.
Opportunities
- Browser extension security auditors gain a high-profile case study that enterprise IT teams can use to justify mandatory extension vetting policies.
- Security vendors specializing in browser extension analysis can position Spyder- and MaXSS-class content-script flaws as a new audit category for the expanding AI browser extension market.
- Operators of Claude, Gemini, and ChatGPT have standing to push browser vendors for stricter content-script message-passing standards to protect their authenticated users.
What we don't know yet
- Whether SiderAI or MaxAI have silently released patched versions since the June 10, 2026 publication, and which version numbers users should verify.
- Whether the demonstrated file-system reading capability in the attack scenarios applies to all OS configurations or only specific browser setups.
- No data on whether these vulnerabilities were known to threat actors before Rebora's disclosure, leaving the exploitation timeline unknown.
Originally reported by rebora.io
Original headline: SiderAI (10M Installs) and MaxAI (1M Installs) Chrome Extensions Left Unpatched With UXSG and UXSS Vulnerabilities — Vendors Unresponsive