Chromium extension spoofs AI brand to hijack searches
🔍 Microsoft Threat Intelligence discovered a malicious Chromium extension impersonating Perplexity AI to intercept Omnibox queries and real-time search suggestions. The extension used MV3, declarativeNetRequest rules, and a typosquatted domain (perplexity-ai[.]online) to route searches through attacker infrastructure before redirecting to expected providers. Google removed the extension after responsible disclosure. Microsoft provides indicators, dynamic analysis findings, and mitigation guidance.
