
Google Chrome fails users again by letting malicious Perplexity extension slip through

bekir, July 2, 2026

Gamers who have installed the Perplexity AI extension in Google Chrome should pause and verify that they’re using the official version, not a rogue copy. Microsoft’s Defender Security Research Team uncovered a malicious variant titled “Search for perplexity ai” that covertly logs every keystroke. Although the extension has been pulled from the Chrome Web Store, users who previously added it remain vulnerable.

Analysis: The discovery underscores the ongoing threat of typosquatting and the importance of scrutinizing browser add‑ons, especially as AI‑powered tools grow in popularity. It also highlights a gap in the Chrome Web Store’s vetting process, prompting both users and developers to adopt stricter verification practices.

According to Microsoft, the suspect extension reroutes all traffic through a typosquatted domain rather than the legitimate perplexity.ai site, effectively siphoning user data.

During installation, the malware requested the chrome_settings_overrides permission, allowing it to set itself as the default search engine and thereby capture every query entered into the URL bar.

It also obtained the declarativeNetRequest permission, enabling it to redirect requests to an attacker‑controlled server and rewrite URLs—capabilities that were unnecessary for its intended function.

What tipped off security researchers was the extension’s bundled server‑side infrastructure code, exposing the full attack architecture. The identity of the operator behind the malicious domain remains unknown, and Microsoft has not disclosed further details.

To verify whether the Perplexity add‑on is installed on your browser, open the chrome://extensions/ page and toggle Developer mode on.

If you spot a Perplexity extension, click on its details and examine the ID. A legitimate ID will differ from the malicious one listed below.

Should the ID read flkebkiofojicogddingbdmcmkpbplcd, this is a confirmed threat and must be removed immediately. While you’re in the extensions panel, take the opportunity to delete any other add‑ons you no longer use or trust.
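The same check can be run against the on-disk profile instead of the extensions page. The script below is an added example, not code from Microsoft, Google or Perplexity; it assumes Chrome's usual layout of `Extensions/<extension id>/<version>/manifest.json` inside a profile folder, and the sample manifests it builds, including the `lookalike.example` URL, are constructed for the demonstration.

```python
import json
import tempfile
from pathlib import Path

MALICIOUS_ID = "flkebkiofojicogddingbdmcmkpbplcd"  # ID the article reports as malicious

def audit_extensions(extensions_dir):
    """Return (extension_id, [reasons]) for each extension that deserves a closer look."""
    findings = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        ext_id = path.parent.parent.name  # folder name is the extension ID
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
            search = (manifest.get("chrome_settings_overrides") or {}).get("search_provider")
            permissions = manifest.get("permissions") or []
        except (OSError, ValueError, AttributeError):
            findings.append((ext_id, ["manifest could not be parsed"]))
            continue
        reasons = []
        if ext_id == MALICIOUS_ID:
            reasons.append("ID matches the extension named in the article")
        if isinstance(search, dict):
            reasons.append("sets default search engine: " + str(search.get("search_url")))
        if "declarativeNetRequest" in permissions:
            reasons.append("may redirect or rewrite requests")
        if reasons:
            findings.append((ext_id, reasons))
    return findings

def build_constructed_profile(root):
    """Constructed sample data (not real extensions): one benign, one flagged."""
    samples = {
        "a" * 32: {"permissions": ["storage"]},
        MALICIOUS_ID: {
            "permissions": ["declarativeNetRequest"],
            "chrome_settings_overrides": {"search_provider": {
                "search_url": "https://lookalike.example/?q={searchTerms}"}},
        },
    }
    for ext_id, manifest in samples.items():
        version_dir = Path(root) / ext_id / "1.0_0"
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest))
    return Path(root)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, reasons in audit_extensions(build_constructed_profile(tmp)):
            print(ext_id, "; ".join(reasons))
```

To audit a real profile, pass its Extensions folder to `audit_extensions`, for example `~/.config/google-chrome/Default/Extensions` on Linux. A search override or `declarativeNetRequest` on its own is only a prompt to review the extension; the ID match is the indicator the article gives.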

Google’s current screening mechanisms have proven inadequate, allowing malware to slip through the store’s approval pipeline. Users who install extensions without verifying their authenticity risk exposing their systems to potential data theft or performance degradation. It’s a stark reminder that even popular platforms can harbor hidden threats, and proactive maintenance of browser extensions is essential for safeguarding digital privacy.

❓ Frequently Asked Questions (FAQ)

How can I tell if my Perplexity AI extension is the legitimate version or a malicious copy?

Check the publisher listed in the Chrome Web Store and verify the extension’s ID. The official Perplexity AI extension is published by ‘Perplexity.ai’ and has a unique ID that matches the one on the official website. A rogue copy will have a different publisher name, a suspicious ID, or a lookalike title such as “Search for perplexity ai”. Additionally, review the permissions requested; the legitimate extension should not ask for chrome_settings_overrides or declarativeNetRequest unless absolutely necessary.

What steps should I take if I already installed the malicious Perplexity extension?

Immediately remove the extension from Chrome: go to chrome://extensions/, locate the suspicious entry, and click "Remove." Then run a full system scan with an up-to-date antivirus or Microsoft Defender to detect any residual malware. Clear your browser cache and reset any default search engine settings that may have been altered. Finally, reinstall the official extension from the verified Chrome Web Store link and double‑check the publisher details before enabling it.

Why did Google Chrome fail to block this malicious extension, and what can users do to prevent future incidents?

The incident highlights a gap in the Chrome Web Store’s vetting process, where typosquatted or malicious extensions can slip through if they mimic legitimate names closely. Users can mitigate risk by always installing extensions from verified publishers, scrutinizing permission requests, and keeping their browser and security software updated. Developers should also adopt stricter verification practices, such as signing extensions and publishing detailed security disclosures, to help Chrome’s automated checks identify potential threats more effectively.

News Source: Neowin
