Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

ExporTheft: 11 "AI Chat Exporter" Chrome extensions upload full chat content on PDF export, while the store listing says "No uploads to external servers"

0
Medium
Published: 07/13/2026 (07/13/2026, 23:18:54 UTC)
Source: Reddit NetSec

Description

A family of 11 Chrome extensions named "AI Chat Exporter" falsely claim in their store listings that no chat data is uploaded to external servers and that all processing is local. However, during PDF export, these extensions send the full chat content to a developer-controlled cloud backend. Other export formats leak partial chat data via usage beacons. The extensions also track users across devices using a persistent client ID stored in Chrome sync storage. Approximately 5,500 users are affected on the main extension. This behavior contradicts the stated privacy claims and exposes sensitive chat content to unauthorized external servers.

Reddit Discussion

r/netsec·posted by u/Huge-Skirt-6990
00

Family of 11 same-codebase extensions (ChatGPT/Claude/Gemini/etc), ~5.5k users on the main one. Sold as local-only: the store listing says "No uploads to external servers," "Everything processed locally," "No tracking or telemetry."

Observed in the tested version:

  • PDF export POSTs the full conversation to the developer's Cloud Run backend. A local renderer is bundled but only runs as a fallback.
  • Markdown/Text/JSON exports beacon title + source URL to /api/usage. The title is derived from your first message, so it can contain chat content.
  • Every request carries an X-Client-ID in chrome.storage.sync, so it follows you across machines.

Detection + full writeup: https://malext.io/reports/ExporTheft/

Links cited in this discussion

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/14/2026, 00:17:32 UTC

Technical Analysis

The "AI Chat Exporter" Chrome extensions, which share a common codebase, advertise local-only processing with no data uploads. Analysis shows that when exporting chats as PDFs, the full conversation is POSTed to a cloud backend controlled by the developer, despite a local renderer being bundled but only used as fallback. Markdown, text, and JSON exports send partial chat content via usage beacons. A persistent X-Client-ID stored in chrome.storage.sync enables user tracking across devices. This constitutes a privacy violation and potential data exfiltration contrary to the extensions' store listing claims.

Potential Impact

Users of these extensions have their full chat conversations uploaded to an external server without consent during PDF exports, exposing potentially sensitive information. Partial chat data is also leaked during other export formats. The persistent client ID enables cross-device tracking of users, further compromising privacy. This undermines user trust and may lead to unauthorized data disclosure.

Mitigation Recommendations

No official patch or remediation guidance is provided in the available data. Users should immediately uninstall these extensions to prevent further data leakage. Avoid using these extensions for exporting sensitive chat content. Monitor for updates from the extension developers or the Chrome Web Store regarding removal or fixes. Patch status is not yet confirmed — check the vendor advisory or Chrome Web Store notices for current remediation guidance.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Source Type
reddit
Subreddit
netsec
Reddit Score
0
Discussion Level
minimal
Content Source
reddit_link_post
Post Type
link
Domain
null
Newsworthiness Assessment
{"score":27,"reasons":["external_link","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":[],"foundNonNewsworthy":[]}
Has External Source
true
Trusted Domain
false

Threat ID: 6a55801668715ace43247226

Added to database: 07/14/2026, 00:17:26 UTC

Last enriched: 07/14/2026, 00:17:32 UTC

Last updated: 07/14/2026, 03:40:25 UTC

Views: 9

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses