108 Malicious Chrome Extensions Were Hiding in Plain Sight
108 extensions. 20,000 installs. One shared server quietly stealing Google identities and Telegram sessions across every page. Why the browser is the new perimeter.

On April 19, 2026, Vercel — one of the world's most widely used web-infrastructure platforms — disclosed a security breach. The entry point wasn't a zero-day or a brute-force attack. It was a third-party AI tool called Context.ai that an employee had connected to their work account.
Here's the chain: attackers compromised Context.ai and used that access to take over the employee's Google Workspace account, which opened a path into Vercel's internal systems and environment variables. Variables marked "sensitive" were stored encrypted and weren't accessed; non-sensitive variables were exposed. The richer origin story is the instructive part for SMBs: reporting traces the Context.ai compromise to a February 2026 Lumma Stealer infection on a Context.ai employee's machine — browser history showed them downloading Roblox auto-farm scripts and game exploits — and the Vercel employee had granted Context.ai "Allow All" permissions using a corporate account. An employee chasing game cheats helped lead to a breach at a billion-dollar platform.
The threat actor demonstrated operational speed and a detailed understanding of Vercel's internal systems. Vercel engaged Google-owned Mandiant and law enforcement. An actor using the ShinyHunters name claimed responsibility and listed the data for $2 million — but the real ShinyHunters group denied involvement, and Google Threat Intelligence assessed the claimant as likely an imposter. None of the claimant's data claims have been independently verified.
Your team is using AI tools — productivity assistants, code helpers, analytics integrations. Every one is a potential entry point. When an employee connects a third-party AI app to Google Workspace, Microsoft 365, or internal systems, they extend your attack surface whether IT knows it or not. IBM's 2024 Cost of a Data Breach Report put the global average breach cost at $4.88 million, and for SMBs the relative consequences are often worse.
The harder truth: your MSP likely isn't protecting you from this. Most handle patching, backups, and helpdesk tickets — not auditing which OAuth applications your employees authorized, monitoring your Workspace admin logs for suspicious activity, or hunting for credentials exfiltrated through a third-party integration. That requires dedicated security expertise, not an IT generalist.
Vercel can hire Mandiant, engage law enforcement, and weather the fallout. Most SMBs can't. One compromised AI tool, one employee's Google account, and suddenly an attacker has a foothold. This is the 2026 threat landscape — and the businesses that get ahead of it are the ones with proactive, dedicated coverage. (See also our companion piece on vendor metadata risk.)
Want to know what's connected to your Google Workspace right now? We audit the OAuth grants and AI tools your team has authorized — the exposure most providers never look at.