Malicious Chromium Extension Spoofing Perplexity AI for Real-Time Data Exfiltration
A malicious Chromium extension masquerading as a Perplexity AI tool leveraged Manifest V3 (MV3) APIs to intercept and log real-time address bar keystrokes before user submission. By implementing a redirection pattern (User $\rightarrow$ Attacker Intermediary $\rightarrow$ Legitimate Search Provider), the threat actor captured sensitive queries, PII, and credentials without disrupting the user experience. This human-layer attack highlights a critical governance gap in browser extension auditing, allowing for silent reconnaissance and intellectual property theft within corporate environments via attacker-controlled intermediary infrastructure.
BioShocking: Logic-Based Prompt Injection Exploiting Perplexity and Comet AI Browsers
LayerX Security has identified "BioShocking," a novel class of logic-based exploitation targeting AI-integrated browsers, specifically Perplexity and Comet. The vulnerability exploits the "confused deputy" phenomenon, where the AI agent's reasoning capabilities are manipulated via specialized prompt injection payloads to bypass internal security guardrails. By targeting the integration layer between the Large Language Model (LLM) and the browser's data access permissions, attackers can induce the AI to access sensitive session credentials, passwords, and PII. The compromised AI agent then executes exfiltration sequences, transmitting stolen data to attacker-controlled remote endpoints under the appearance of legitimate operational requests.