Malicious Chrome Extension Masquerading as Perplexity Exfiltrates User Searches and Address Bar Input
What Happened — Microsoft discovered a Chrome extension published under the name “Perplexity AI” that silently captured every search query and every character typed into the browser’s address bar. The extension forwarded this data to an attacker‑controlled server before redirecting the user to the legitimate search results. Google removed the extension after Microsoft’s responsible disclosure.
Why It Matters for Compliance & Audit Readiness
- The incident illustrates a failure to control third‑party software, a core requirement of SOC 2’s Security and Privacy criteria.
- Continuous monitoring of approved extensions and evidence of policy enforcement are essential audit artifacts to demonstrate due diligence.
- Security awareness training that highlights the risks of unvetted browser add‑ons helps satisfy the Risk Management expectations of a SOC 2‑ready program.
Who Is Affected — Enterprises with employees using Chrome browsers, particularly SaaS‑heavy tech, professional services, and any organization that allows personal extensions on corporate devices.
Recommended Actions
- Inventory all installed browser extensions and enforce an approved‑list policy.
- Deploy endpoint protection that can block unsigned or unapproved extensions.
- Update security awareness curricula to include a module on malicious browser add‑ons and supply‑chain risks.
- Enable network‑level monitoring for anomalous outbound traffic to unknown domains.
Technical Notes — The extension operated as a Chrome Web Store package, required only standard install permissions, and exfiltrated data via HTTPS to a command‑and‑control server. No CVE was involved; the threat vector is malicious software distribution through a trusted marketplace. Source: The Hacker News