HomeIntelligenceBrief
BREACH BRIEF🟠 High ThreatIntel

Malicious Chrome Extension Masquerading as Perplexity Exfiltrates User Searches and Address Bar Input

A Chrome extension posing as the Perplexity AI search tool silently logged every user query and address‑bar keystroke, sending the data to an attacker‑controlled server before returning legitimate results. The incident underscores the need for strict third‑party software controls and security‑awareness training to meet SOC 2 privacy and security requirements.

LiveThreat™ Intelligence · 📅 June 30, 2026· 📰 thehackernews.com
🟠
Severity
High
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
4 recommended
📰
Source
thehackernews.com

Malicious Chrome Extension Masquerading as Perplexity Exfiltrates User Searches and Address Bar Input

What Happened — Microsoft discovered a Chrome extension published under the name “Perplexity AI” that silently captured every search query and every character typed into the browser’s address bar. The extension forwarded this data to an attacker‑controlled server before redirecting the user to the legitimate search results. Google removed the extension after Microsoft’s responsible disclosure.

Why It Matters for Compliance & Audit Readiness

  • The incident illustrates a failure to control third‑party software, a core requirement of SOC 2’s Security and Privacy criteria.
  • Continuous monitoring of approved extensions and evidence of policy enforcement are essential audit artifacts to demonstrate due diligence.
  • Security awareness training that highlights the risks of unvetted browser add‑ons helps satisfy the Risk Management expectations of a SOC 2‑ready program.

Who Is Affected — Enterprises with employees using Chrome browsers, particularly SaaS‑heavy tech, professional services, and any organization that allows personal extensions on corporate devices.

Recommended Actions

  • Inventory all installed browser extensions and enforce an approved‑list policy.
  • Deploy endpoint protection that can block unsigned or unapproved extensions.
  • Update security awareness curricula to include a module on malicious browser add‑ons and supply‑chain risks.
  • Enable network‑level monitoring for anomalous outbound traffic to unknown domains.

Technical Notes — The extension operated as a Chrome Web Store package, required only standard install permissions, and exfiltrated data via HTTPS to a command‑and‑control server. No CVE was involved; the threat vector is malicious software distribution through a trusted marketplace. Source: The Hacker News

📰 Original Source
https://thehackernews.com/2026/06/malicious-perplexity-chrome-extension.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Security Awareness

Phishing and social engineering are a people-and-policy problem.

The Verisq AI Trust Operations platform pairs Security Awareness Training with policy adoption tracking, so human-risk controls are documented and audit-ready.

Explore the Verisq AI Trust Operations platform →