Malicious Chrome Extension Intercepts User Data

A malicious Chrome extension, posing as the AI search engine Perplexity, has been found intercepting user searches and address bar inputs, reports The Hacker News. This extension routed data through an attacker-controlled server before redirecting users to legitimate results. Google has since removed the extension following responsible disclosure by Microsoft, highlighting the ongoing risks associated with browser extensions.

Why this matters for UK organisations

For UK businesses, this incident underscores the importance of managing browser extensions to prevent data leaks and compromise sensitive information. Such vulnerabilities can lead to significant security breaches, necessitating strict policies on extension usage and regular audits to identify potential risks. Ensuring that only authorized extensions are used can help mitigate these threats.

What to review

Organisations should conduct regular audits of installed browser extensions and enforce strict policies on their usage. Educating users about the risks associated with unauthorized extensions and implementing technical controls to prevent their installation can help protect against data interception and other security threats.

Source: The Hacker News