Over 260,000 users installed fake AI Chrome extensions that used iframe injection to steal browser and Gmail data, exposing serious enterprise security risks.