  • Google Chrome fails users again by letting malicious Perplexity extension slip through

    Karlston

    • 69 views
    • 3 minutes

    Google has failed users again after it let a malicious Perplexity extension into the Chrome Web Store. It's gone now but a manual uninstall is needed.

    If you have Perplexity AI installed in Google Chrome as an extension, double-check that it’s the official extension and not a third-party one. Microsoft’s Defender Security Research Team has found that one of these extensions, called “Search for perplexity ai”, is actually malware and secretly records what users are typing. While this discovery led to the extension's removal from the Chrome Web Store, users who installed it are still at risk.

    According to Microsoft, the extension sends your traffic through a typosquatted domain rather than the legitimate perplexity.ai. On install, it also requested the chrome_settings_overrides permission, which let it become your default search engine and so capture everything you search for in the URL bar.

    It also got the declarativeNetRequest permission, which allowed it to send your requests to a server the attackers controlled, and to perform traffic redirection and URL rewriting. The extension didn’t need this permission.

    Here is what Microsoft says the extension does:

    1. User enters search query into the Omnibox.
    2. Browser request routed to perplexity-ai[.]online.
    3. Server logs full request: query string, HTTP headers, user-agent, and source IP address.
    4. suggest_url captures real-time keystrokes during typing (before Enter is pressed).
    5. Ruleset executes redirect.
    6. User is delivered to selected search provider.

    Another giveaway was that the extension shipped with its own server-side infrastructure code, which exposed the entire attack architecture. What we still don’t know is who operates the extension and the malicious domain; Microsoft didn’t share this information.

    To check whether you have this installed, go to chrome://extensions/ and enable Developer mode. If you see a Perplexity extension, check the ID. If it’s “flkebkiofojicogddingbdmcmkpbplcd”, remove it, as it is malicious. While you’re on this page, remove any other extensions that you do not need. As we have seen, Google isn’t great at screening extensions that appear on the Chrome Web Store, and plenty of malware gets through, so if you don’t explicitly need or trust an extension, it shouldn’t be on your system.

    Via: Malwarebytes


    Hope you enjoyed this news post. Feedback welcome.

    Posted Thursday 2 July 2026 at 12:12 pm AEST (my time).
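
    The manual check described in the article can also be scripted across a profile's on-disk extensions. The following is an added example, not code from Microsoft, Malwarebytes or the original post: it flags the extension ID given above and, more generally, any extension whose manifest.json both overrides the search provider and holds declarativeNetRequest. The function names, the sample manifests and the search.example URLs are constructed for illustration.

```python
import json
import sys
import tempfile
from pathlib import Path

KNOWN_BAD_IDS = {"flkebkiofojicogddingbdmcmkpbplcd"}  # ID given in the article
DNR_PERMS = {"declarativeNetRequest", "declarativeNetRequestWithHostAccess"}

def audit_extensions(ext_root):
    """Scan <ext_root>/<id>/<version>/manifest.json and return flagged extensions."""
    findings = []
    for manifest_path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        ext_id = manifest_path.parts[-3]
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip rather than crash
        reasons = []
        if ext_id in KNOWN_BAD_IDS:
            reasons.append("ID matches the extension named in the article")
        provider = (manifest.get("chrome_settings_overrides") or {}).get("search_provider") or {}
        if provider:
            reasons.append("sets search provider; suggest_url=%r" % provider.get("suggest_url"))
            if DNR_PERMS & {p for p in manifest.get("permissions", []) if isinstance(p, str)}:
                reasons.append("also holds declarativeNetRequest (redirect/rewrite)")
        if reasons:
            findings.append({"id": ext_id, "name": manifest.get("name"), "reasons": reasons})
    return findings

def build_sample_profile(root):
    """Write constructed sample manifests (not real extensions) in Chrome's layout."""
    samples = {
        "flkebkiofojicogddingbdmcmkpbplcd": {
            "name": "constructed sample", "permissions": ["declarativeNetRequest"],
            "chrome_settings_overrides": {"search_provider": {
                "search_url": "https://search.example/?q={searchTerms}",
                "suggest_url": "https://search.example/s?q={searchTerms}"}}},
        "a" * 32: {"name": "benign sample", "permissions": ["storage"]},
    }
    for ext_id, manifest in samples.items():
        version_dir = Path(root) / ext_id / "1.0_0"
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else build_sample_profile(tempfile.mkdtemp())
    for finding in audit_extensions(root):
        print(finding["id"], finding["name"], *finding["reasons"], sep="\n  ")
```

    Run it with the path to a profile's Extensions directory (for example ~/.config/google-chrome/Default/Extensions on Linux); with no argument it runs against the constructed sample. A search-provider override combined with declarativeNetRequest is a prompt for manual review, not proof that an extension is malicious.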
