The bottom line: A fake Perplexity extension in Chrome completely redirected user inputs and search queries to an attacker-controlled server before forwarding the requests.
Microsoft has identified a malicious Chrome extension that impersonated AI search engine Perplexity and routed all search queries and address bar inputs to an attacker-controlled server.
The extension operated as a man-in-the-middle: every search query and every character users typed into the address bar was first routed to the attacker’s server before being forwarded to the actual target domain. This allowed the operator to log all inputs – from sensitive search queries to domain names to credentials or other confidential information.
Microsoft disclosed the vulnerability responsibly. Google subsequently removed the extension from the Chrome Web Store. The discovery underscores a well-known attack pattern: cybercriminals register trusted-sounding names and symbols to trick users into downloading malicious extensions.
For CISOs, this variant represents an escalation of the browser extension threat. Unlike traditional malware, it does not only operate locally but sends all web activities to external servers. Enforcement of extension policies and regular audits of installed browser plugins should therefore be part of the endpoint security strategy.
Source: thehackernews.com · Published 29 June 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrasing and classification via Lumi News Pipeline v1.7.2.