SECURITYTHE HACKER NEWS
Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input
Microsoft discovered a malicious Chrome extension posing as the AI search engine Perplexity, which logged user searches and address bar input by routing them through an attacker-controlled server before redirecting to real results. Google removed the extension after responsible disclosure.
Related Signal
Adjacent reporting
- Flaw in Claude’s Chrome extension allowed ‘any’ other plugin to hijack victims’ AI
- 119 Edge extensions promised useful tools, instead downloaded malware
- 108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users
- Browser Extensions Are the New AI Consumption Channel That No One Is Talking About
- GitHub says internal repos exfiltrated after poisoned VS Code extension attack