AI-powered browser extensions are an under-monitored attack surface in enterprise Chromium-based browsers (Chrome, Edge). An extension runs inside the trusted browser process, and with the permissions a user clicks through at install time it can read cookies, inject scripts into any page the user visits, and send data to arbitrary hosts over ordinary HTTPS, so credential harvesting, session hijacking and data exfiltration blend into normal browser traffic and are missed by perimeter and EDR controls that model malicious activity as a separate process or connection. A Chrome vulnerability documented by Palo Alto Networks Unit 42, exploited via Gemini Live session hijacking, shows that this vector is practically exploitable rather than theoretical. Organizations should inventory installed extensions through Chrome Browser Cloud Management or Microsoft Intune, enforce a default-deny allowlist policy so only approved extension IDs can be installed, and add T1539 (Steal Web Session Cookie), T1555 (Credentials from Password Stores), T1185 (Browser Session Hijacking), T1176 (Browser Extensions) and T1567 (Exfiltration Over Web Service) to the threat model with the browser extension as the access vector.
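The inventory and allowlisting step above, as an added example (not code from the page, from Unit 42, or from Google or Microsoft): a Python script that walks the Chrome and Edge profile directories, parses each installed extension's `manifest.json`, flags permissions and host patterns that put the listed techniques within reach, and emits a Chrome/Edge `ExtensionSettings` policy that blocks every extension except an approved set of IDs. The permission-to-technique mapping is a heuristic chosen for this example, not an official MITRE or vendor mapping, and the placeholder extension ID in the `main` block is assumed, not a real extension.

```python
"""Inventory Chromium extensions and emit a default-deny ExtensionSettings policy.

Added example. Walks Chrome/Edge profile directories, scores each extension's
manifest.json against a heuristic permission-to-ATT&CK mapping, and builds the
policy JSON that Chrome Browser Cloud Management or Intune would push.
"""
import json
import os
import re
from pathlib import Path

# Heuristic mapping (assumption of this example): what an extension holding the
# permission is positioned to do. T1176 (the extension as access vector) applies
# to every row, so it is not repeated per permission.
RISKY_PERMISSIONS = {
    "cookies": {"T1539"},            # read session cookies for granted hosts
    "webRequest": {"T1185"},         # observe in-flight requests and responses
    "webRequestBlocking": {"T1185"}, # modify/redirect them
    "debugger": {"T1185", "T1539"},  # DevTools protocol access to any tab
    "scripting": {"T1185"},          # inject scripts into pages at runtime
    "nativeMessaging": {"T1555"},    # native host can reach OS credential stores
    "clipboardRead": {"T1555"},      # harvest pasted passwords and tokens
}
# Host patterns that grant access to every origin the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
EXT_ID = re.compile(r"[a-p]{32}")  # Chromium extension IDs: 32 chars from a-p


def profile_roots():
    """Candidate 'User Data' roots for Chrome and Edge on Windows, macOS and Linux."""
    home = Path.home()
    local = Path(os.environ.get("LOCALAPPDATA", home / "AppData" / "Local"))
    return [
        local / "Google" / "Chrome" / "User Data",
        local / "Microsoft" / "Edge" / "User Data",
        home / "Library" / "Application Support" / "Google" / "Chrome",
        home / "Library" / "Application Support" / "Microsoft Edge",
        home / ".config" / "google-chrome",
        home / ".config" / "microsoft-edge",
    ]


def assess(manifest):
    """Score one parsed manifest.json: permissions, host reach, mapped techniques."""
    perms = set(manifest.get("permissions", [])) | set(manifest.get("optional_permissions", []))
    hosts = set(manifest.get("host_permissions", []))                # MV3 field
    hosts |= {p for p in perms if "://" in p or p == "<all_urls>"}   # MV2 puts hosts here
    for cs in manifest.get("content_scripts", []):
        hosts |= set(cs.get("matches", []))
    techniques = set()
    for p in perms:
        techniques |= RISKY_PERMISSIONS.get(p, set())
    broad = bool(hosts & BROAD_HOSTS)
    if broad:
        # DOM and form contents of every page are readable and cross-origin
        # fetch is allowed to every host, so session hijack and exfil are in reach.
        techniques |= {"T1185", "T1567"}
    return {
        "name": manifest.get("name", "?"),  # may be a __MSG_*__ locale key
        "version": manifest.get("version", "?"),
        "manifest_version": manifest.get("manifest_version"),
        "permissions": sorted(perms),
        "hosts": sorted(hosts),
        "broad_host_access": broad,
        "techniques": sorted(techniques),
    }


def inventory(roots=None):
    """Yield (extension_id, assessment) for every extension found under the roots."""
    for root in roots or profile_roots():
        if not root.is_dir():
            continue
        # <profile>/Extensions/<id>/<version>/manifest.json
        for manifest_path in root.glob("*/Extensions/*/*/manifest.json"):
            ext_id = manifest_path.parents[1].name
            if not EXT_ID.fullmatch(ext_id):
                continue
            try:
                manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
            except (OSError, ValueError):
                continue
            yield ext_id, assess(manifest)


def build_policy(approved_ids, blocked_permissions=("debugger", "nativeMessaging")):
    """ExtensionSettings policy: default-deny installs, allow listed IDs, strip risky perms."""
    bad = [i for i in approved_ids if not EXT_ID.fullmatch(i)]
    if bad:
        raise ValueError(f"not Chromium extension IDs: {bad}")
    policy = {"*": {"installation_mode": "blocked",
                    "blocked_permissions": list(blocked_permissions)}}
    for ext_id in approved_ids:
        policy[ext_id] = {"installation_mode": "allowed"}
    return policy


if __name__ == "__main__":
    for ext_id, a in inventory():
        flag = "RISK" if a["techniques"] else "ok  "
        print(f"{flag} {ext_id} {a['name']} {a['version']} {a['techniques']} broad={a['broad_host_access']}")
    # "a" * 32 is a placeholder ID for illustration, not a real extension.
    print(json.dumps(build_policy(["a" * 32]), indent=2))
```

Two caveats when using this for real. Extensions loaded unpacked in developer mode, and those force-installed by policy, do not necessarily live under `Extensions/`, so the profile's `Secure Preferences` file should be read as a second source. And `blocked_permissions` under `"*"` disables those permissions even for approved extensions, so test the allowlisted set after deploying the policy rather than assuming it still works.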