ExporTheft: 11 "AI Chat Exporter" Chrome extensions upload full chat content on PDF export, while the store listing says "No uploads to external servers"
A family of 11 Chrome extensions named "AI Chat Exporter" falsely claim in their store listings that no chat data is uploaded to external servers and that all processing is local. However, during PDF export, these extensions send the full chat content to a developer-controlled cloud backend. Other export formats leak partial chat data via usage beacons. The extensions also track users across devices using a persistent client ID stored in Chrome sync storage. Approximately 5,500 users are affected on the main extension. This behavior contradicts the stated privacy claims and exposes sensitive chat content to unauthorized external servers.
AI Analysis
Technical Summary
The "AI Chat Exporter" Chrome extensions, which share a common codebase, advertise local-only processing with no data uploads. Analysis shows that when exporting chats as PDFs, the full conversation is POSTed to a cloud backend controlled by the developer, despite a local renderer being bundled but only used as fallback. Markdown, text, and JSON exports send partial chat content via usage beacons. A persistent X-Client-ID stored in chrome.storage.sync enables user tracking across devices. This constitutes a privacy violation and potential data exfiltration contrary to the extensions' store listing claims.
Potential Impact
Users of these extensions have their full chat conversations uploaded to an external server without consent during PDF exports, exposing potentially sensitive information. Partial chat data is also leaked during other export formats. The persistent client ID enables cross-device tracking of users, further compromising privacy. This undermines user trust and may lead to unauthorized data disclosure.
Mitigation Recommendations
No official patch or remediation guidance is provided in the available data. Users should immediately uninstall these extensions to prevent further data leakage. Avoid using these extensions for exporting sensitive chat content. Monitor for updates from the extension developers or the Chrome Web Store regarding removal or fixes. Patch status is not yet confirmed — check the vendor advisory or Chrome Web Store notices for current remediation guidance.
ExporTheft: 11 "AI Chat Exporter" Chrome extensions upload full chat content on PDF export, while the store listing says "No uploads to external servers"
Description
A family of 11 Chrome extensions named "AI Chat Exporter" falsely claim in their store listings that no chat data is uploaded to external servers and that all processing is local. However, during PDF export, these extensions send the full chat content to a developer-controlled cloud backend. Other export formats leak partial chat data via usage beacons. The extensions also track users across devices using a persistent client ID stored in Chrome sync storage. Approximately 5,500 users are affected on the main extension. This behavior contradicts the stated privacy claims and exposes sensitive chat content to unauthorized external servers.
Reddit Discussion
Family of 11 same-codebase extensions (ChatGPT/Claude/Gemini/etc), ~5.5k users on the main one. Sold as local-only: the store listing says "No uploads to external servers," "Everything processed locally," "No tracking or telemetry."
Observed in the tested version:
- PDF export POSTs the full conversation to the developer's Cloud Run backend. A local renderer is bundled but only runs as a fallback.
- Markdown/Text/JSON exports beacon title + source URL to /api/usage. The title is derived from your first message, so it can contain chat content.
- Every request carries an X-Client-ID in chrome.storage.sync, so it follows you across machines.
Detection + full writeup: https://malext.io/reports/ExporTheft/
Links cited in this discussion
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The "AI Chat Exporter" Chrome extensions, which share a common codebase, advertise local-only processing with no data uploads. Analysis shows that when exporting chats as PDFs, the full conversation is POSTed to a cloud backend controlled by the developer, despite a local renderer being bundled but only used as fallback. Markdown, text, and JSON exports send partial chat content via usage beacons. A persistent X-Client-ID stored in chrome.storage.sync enables user tracking across devices. This constitutes a privacy violation and potential data exfiltration contrary to the extensions' store listing claims.
Potential Impact
Users of these extensions have their full chat conversations uploaded to an external server without consent during PDF exports, exposing potentially sensitive information. Partial chat data is also leaked during other export formats. The persistent client ID enables cross-device tracking of users, further compromising privacy. This undermines user trust and may lead to unauthorized data disclosure.
Mitigation Recommendations
No official patch or remediation guidance is provided in the available data. Users should immediately uninstall these extensions to prevent further data leakage. Avoid using these extensions for exporting sensitive chat content. Monitor for updates from the extension developers or the Chrome Web Store regarding removal or fixes. Patch status is not yet confirmed — check the vendor advisory or Chrome Web Store notices for current remediation guidance.
Technical Details
- Source Type
- Subreddit
- netsec
- Reddit Score
- 0
- Discussion Level
- minimal
- Content Source
- reddit_link_post
- Post Type
- link
- Domain
- null
- Newsworthiness Assessment
- {"score":27,"reasons":["external_link","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":[],"foundNonNewsworthy":[]}
- Has External Source
- true
- Trusted Domain
- false
Threat ID: 6a55801668715ace43247226
Added to database: 07/14/2026, 00:17:26 UTC
Last enriched: 07/14/2026, 00:17:32 UTC
Last updated: 07/14/2026, 03:40:25 UTC
Views: 9
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.