Malicious Chrome Extension Intercepted User Data

Microsoft has identified a malicious Chrome extension that posed as the AI search engine Perplexity. This extension secretly logged search queries and user inputs in the address bar. All entered data was redirected through a server controlled by attackers before users were directed to the actual search results. The discovery was made as part of Microsoft's ongoing efforts in cybersecurity. The company's security researchers found that the extension was distributed through the official Chrome Web Store.

Following the responsible disclosure of the vulnerability, Google acted quickly and removed the extension from the store. The malicious extension had the capability to log not only search queries but also any characters users entered in the address bar. This poses a significant risk to user privacy, as sensitive information could be intercepted. Microsoft has urged users to review their installed extensions and uninstall any suspicious applications. The vulnerability has been classified as serious not only by Microsoft but also by other security researchers.

The exact number of affected users is currently unknown; however, it is estimated that thousands of users had installed the extension before it was removed. Microsoft has not released specific figures regarding the affected users. Incidents like this highlight the challenges users face regarding the security of browser extensions. Many users are unaware of the risks associated with installing extensions. Experts recommend installing only extensions from trusted developers and regularly reviewing the permissions of installed extensions.

The vulnerability has also raised questions about the responsibility of platforms like the Chrome Web Store. Critics are calling for stricter controls and reviews of extensions to prevent similar incidents in the future. Google has previously taken measures to enhance security in the Chrome Web Store, but the effectiveness of these measures remains questionable. Microsoft has also advised users to keep their security software up to date to protect against such threats. The use of antivirus programs and firewalls can help detect and block malicious software.

Security researchers also recommend regularly performing software updates to close known security vulnerabilities. The removal of the malicious extension from the Chrome Web Store occurred on June 28, 2026, one day after the disclosure by Microsoft. Google has announced plans to further strengthen security measures in the store to better protect users. However, the specific nature of the security measures to be implemented has not been specified. Microsoft plans to provide further information on security risks and best practices for using browser extensions in the coming weeks. The security situation remains tense, and users should stay vigilant to protect their data.