
MaXSS & Spyder: How two Chrome extensions allow websites to compromise over 10 million browsers


How SiderAI and MaxAI agentic side panel extensions are vulnerable to severe cross-site vulnerabilities, allowing attackers to compromise browsers easily and entirely

Gal Weizman, Gal Bashan · June 10, 2026 · 6 min read

Executive Summary

Rebora Security Research has discovered two critical vulnerabilities in SiderAI & MaxAI Chrome extensions.

The extensions run on every Chromium-based browser and are jointly installed on more than 10,000,000 devices.

SiderAI features in the “Chrome Web Store Top 25 Popular Extensions” chart.

Abusing these vulnerabilities allows an attacker-controlled website to compromise the user's browser sessions on any other website, leading to the leakage of sensitive information, the invocation of arbitrary commands, and even account takeover. Furthermore, there was a potential risk of stealing files from the underlying operating system.

Attempts to contact the vendors regarding these vulnerabilities failed. Given the high severity, we decided to make this information public so users are aware of the risk.

Additionally, Google's security teams, as the operator of the Chrome Web Store, were informed of these findings.

To check whether you have either extension installed, visit the following links. If a page shows a “Remove” button, that extension is installed and you should remove it:

https://chromewebstore.google.com/detail/sider-chat-with-all-ai-gp/difoiogjjojoaoomphldepapgpbgkhkb

https://chromewebstore.google.com/detail/maxai-ask-ai-anything-as/mhnlakgilnojmhinhkckjpncpbhabphi

To dive deeper into the technical aspects of this research, refer to MaXSS / Spyder technical blogs.

Intro

Rebora Security Research found two significant vulnerabilities impacting millions of browser users. These vulnerabilities were found in two different Chrome extension agentic side panels - a new breed of AI-driven products.

In this blog post, we’ll cover agentic side panels and their popularity. Then, we’ll introduce our security research on two of them and present two critical flaws we found. These flaws can allow attackers to completely compromise browsers.

The vulnerabilities, found in SiderAI & MaxAI and dubbed “Spyder” & “MaXSS” respectively, were both disclosed to the vendors as part of a responsible process of securing millions of users. Neither vendor ever replied, so the current public versions of both products remain vulnerable.

Eventually, we’ll discuss our conclusions and how these findings shaped our perception of endpoint posture security.

What are agentic side panels?

It’s hard to keep track of every new breed of AI-driven product that comes to life. One in particular that has gained significant attention in the past few years is the Chrome extension agentic side panel.

Agentic side panels aspire to enhance your browsing experience by leveraging AI.

The idea manifests as a browser extension that injects code into every website the user visits. On any of those sites, the user can open the extension’s side panel, which lets them navigate the site using AI: it can summarize the page’s contents, reason about images embedded on the site, answer questions about it, or, when prompted, perform actions on the page.

The value these extensions provide in the browser goes beyond just the side panel. For example, by visiting their web app, the user can access more advanced features that rely less on website-specific context.

With over 7,000,000 installations, Claude in Chrome is an example of an agentic side panel most people would be familiar with. However, as it turns out, there are alternatives with even more installations.

In this research, we focused on two specifically:

SiderAI: 10,000,000 installations (Chrome & Edge stores)

MaxAI: 1,000,000 installations (Chrome & Edge stores)

How are agentic side panels implemented?

Agentic side panels are standard Chrome extensions composed of a few dominant components, mainly a content-script and the background process (a service worker in Manifest V3).

The extension injects a content-script into every website the user visits. That component has access to what the user sees and tells the extension what to summarize, what to modify, and what content can be acted upon.

The background process is the extension’s backend. By exchanging messages with the different content-scripts, it’s basically the...
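As an added illustration of the two components just described (this is example code written for this page, not code from the Rebora post or from SiderAI or MaxAI, and it does not reproduce the Spyder or MaXSS bugs, which this section does not detail), the block below lays out a content script that bridges the page to the extension and a background service worker that answers it, together with the trust checks a reviewer looks for at each hop: the background accepts messages only from the extension's own content scripts and only for a fixed set of actions, and the content script accepts page messages only from its own frame and origin. The action names (`summarize`, `getSelection`), the `sidepanel` channel name and the extension id used in the comments are assumptions made for the example. The two handlers are pure functions so they run under Node as well as in the browser; in a real extension the background and content-script parts would be two files.

```javascript
// Added example, not code from the Rebora post or from SiderAI/MaxAI. It lays out
// the two components the text names in Manifest V3 terms: a content script
// injected into every page, and a background service worker that serves its
// messages. The checks are pure functions so they run under Node as well as in
// the browser; the chrome.* wiring only executes when that API exists. Action
// names, the channel name and the extension id are assumptions for the example.

// Request kinds the background is willing to serve; anything else is dropped.
const ALLOWED_ACTIONS = new Set(["summarize", "getSelection"]);

// Background side. `sender` has the shape of chrome.runtime.MessageSender and
// `extensionId` is chrome.runtime.id in the browser.
function validateRuntimeMessage(msg, sender, extensionId) {
  // Only this extension's own content scripts may talk to the background; a
  // message from another extension or from a web page (externally_connectable)
  // is refused before its body is even looked at.
  if (!sender || sender.id !== extensionId) {
    return { ok: false, reason: "foreign sender" };
  }
  if (!msg || typeof msg !== "object" || !ALLOWED_ACTIONS.has(msg.action)) {
    return { ok: false, reason: "unknown action" };
  }
  // Act on the tab the message really came from (Chrome fills in sender.tab),
  // never on a tab id or URL carried inside the message body.
  if (!sender.tab || typeof sender.tab.id !== "number") {
    return { ok: false, reason: "no originating tab" };
  }
  return { ok: true, action: msg.action, tabId: sender.tab.id };
}

// Content-script side. Any script on the page can call window.postMessage, so a
// page-to-extension bridge is where a site gets to talk to the extension. The
// event must come from this frame (not an iframe or opener), from this page's
// origin, on the bridge's own channel, and carry only a known action. In the
// browser, expectedSource is `window` and expectedOrigin is window.location.origin.
function filterPageMessage(event, expectedSource, expectedOrigin) {
  if (!event || event.source !== expectedSource) return null;
  if (event.origin !== expectedOrigin) return null;
  const data = event.data;
  if (!data || typeof data !== "object" || data.channel !== "sidepanel") return null;
  if (!ALLOWED_ACTIONS.has(data.action)) return null;
  // Copy only the fields we understand instead of forwarding the page's object,
  // and bound the text so a page cannot push unbounded data into the extension.
  const text = typeof data.text === "string" ? data.text.slice(0, 10000) : "";
  return { action: data.action, text };
}

// Browser wiring; skipped under Node so the two functions stay unit-testable.
// In a real extension these two branches live in separate files.
if (typeof chrome !== "undefined" && chrome.runtime && chrome.runtime.onMessage) {
  // background.js (service worker)
  chrome.runtime.onMessage.addListener((msg, sender, sendResponse) => {
    const v = validateRuntimeMessage(msg, sender, chrome.runtime.id);
    if (!v.ok) { sendResponse({ error: v.reason }); return; }
    // A real side panel would now read or act on tab v.tabId.
    sendResponse({ ok: true, action: v.action, tabId: v.tabId });
  });
}
if (typeof window !== "undefined" && typeof chrome !== "undefined" && chrome.runtime) {
  // content-script.js, injected into every page via "content_scripts" in the manifest
  window.addEventListener("message", (event) => {
    const req = filterPageMessage(event, window, window.location.origin);
    if (req) chrome.runtime.sendMessage(req);
  });
}
```

The point of the two functions is the trust boundary: the content script runs in every page and is reachable by that page's scripts, while the background holds extension-wide privileges, so whatever the content script forwards must be whitelisted by action and origin before the background acts on it, and the background must identify the tab from `sender`, not from the message.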
