The AI Hijack: New CometJacking Attack Steals Your Data By Turning Perplexity's Browser Against You

CYBERDUDEBIVASH

URGENT SECURITY ALERT • BROWSER EXTENSIONS

By CyberDudeBivash • October 05, 2025 • Threat Analysis Report

cyberdudebivash.com | cyberbivash.blogspot.com

Disclosure: This is a security advisory for users of AI browser extensions. It contains affiliate links to security solutions. Your support helps fund our independent research.

 

Chapter 1: The Trojan Assistant — When Your AI Tool Becomes a Spy

 

Browser extensions, especially AI-powered assistants, operate on a foundation of trust. We grant them powerful permissions to "read and change data on websites you visit" so they can provide us with contextual help, summaries, and answers. But this trust creates a massive security risk. A single vulnerability in a highly-privileged extension can turn it from a helpful assistant into a malicious spy. This is precisely the case with a new attack vector we are calling **"CometJacking,"** which targets the popular Perplexity AI browser extension. This is a critical reminder of the dangers we analyzed in our broader report on **malicious AI Chrome extensions**.


 

Chapter 2: Threat Analysis — The Vulnerability in the Perplexity Extension

 

The conceptual flaw at the heart of the CometJacking attack is a **vulnerability in the extension's content script**. A content script is the part of an extension that runs directly on the webpages you visit.

The Exploit:

  1. **The Flaw:** The Perplexity content script has a listener that accepts messages from the webpage, but it fails to properly validate the *origin* of these messages.
  2. **The Exploit:** A malicious website can use an `iframe` and a `postMessage` call to send a crafted, malicious JavaScript payload directly to the vulnerable content script.
  3. **Privilege Escalation:** The content script, trusting the message, executes this malicious payload. The attacker's code is now running not with the limited privileges of a normal webpage, but with the highly elevated privileges of the Perplexity extension itself.
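The class of flaw described above is a `message` listener that never checks who sent the message. The following is an added example, not Perplexity's code or anything recovered from the extension: it shows the weak acceptance pattern beside a hardened content-script listener that checks `event.origin`, `event.source`, and the message shape, and that dispatches a named action as data rather than ever treating the payload as code. `TRUSTED_ORIGIN`, `ALLOWED_ACTIONS`, the `ourFrame` stand-in and the sample events are assumptions constructed for illustration.

```javascript
// Added example (not Perplexity's code): a hardened content-script listener
// for window.postMessage, shown beside the weak pattern the article describes.
// TRUSTED_ORIGIN and ALLOWED_ACTIONS are hypothetical values for illustration.

const TRUSTED_ORIGIN = 'https://assistant.example'; // hypothetical extension origin

// The only requests the content script will act on. Each is a named action
// that is dispatched as data; a message never carries code to run.
const ALLOWED_ACTIONS = new Set(['summarize-selection', 'get-page-title']);

// Weak pattern (for contrast only, never registered): anything any page posts
// is accepted, so a hostile iframe on any site can drive the content script.
function weakValidate(event) {
  return { ok: typeof event.data !== 'undefined', reason: null };
}

// Hardened check: exact origin match, known sender window, strict message
// shape. Returns a verdict object so callers (and tests) can inspect it.
function validateMessage(event, expectedSource) {
  if (event.origin !== TRUSTED_ORIGIN) {
    return { ok: false, reason: 'origin' };
  }
  // Compare against the window we created ourselves (iframe.contentWindow).
  if (expectedSource && event.source !== expectedSource) {
    return { ok: false, reason: 'source' };
  }
  const data = event.data;
  if (typeof data !== 'object' || data === null || Array.isArray(data)) {
    return { ok: false, reason: 'shape' };
  }
  if (typeof data.action !== 'string' || !ALLOWED_ACTIONS.has(data.action)) {
    return { ok: false, reason: 'action' };
  }
  return { ok: true, reason: null, action: data.action };
}

// Wraps a dispatcher so only validated messages reach it. Rejections are
// counted; a spike in rejected messages is the signal a detection rule keys on.
function createHardenedHandler(dispatch, expectedSource) {
  const stats = { accepted: 0, rejected: 0 };
  function onMessage(event) {
    const verdict = validateMessage(event, expectedSource);
    if (!verdict.ok) {
      stats.rejected += 1;
      return verdict;
    }
    stats.accepted += 1;
    dispatch(verdict.action, event.data.payload);
    return verdict;
  }
  return { onMessage, stats };
}

// Constructed message events standing in for what a browser would deliver.
const ourFrame = { name: 'our-own-iframe' }; // stands in for iframe.contentWindow
const forged = { origin: 'https://attacker.example', source: {}, data: { action: 'get-page-title' } };
const genuine = { origin: TRUSTED_ORIGIN, source: ourFrame, data: { action: 'get-page-title' } };
const codeAsString = { origin: TRUSTED_ORIGIN, source: ourFrame, data: 'location.href' };
const unknownAction = { origin: TRUSTED_ORIGIN, source: ourFrame, data: { action: 'read-all-tabs' } };

const dispatched = [];
const hardened = createHardenedHandler(
  (action, payload) => dispatched.push({ action, payload }),
  ourFrame,
);
[forged, genuine, codeAsString, unknownAction].forEach((ev) => hardened.onMessage(ev));

// In a real content script the hardened listener is registered once.
if (typeof window !== 'undefined') {
  window.addEventListener('message', hardened.onMessage);
}
```

Of the four constructed events only `genuine` reaches the dispatcher; the forged one fails on origin, the string payload fails on shape, and the unexpected action is refused even though it came from the trusted origin. The origin check alone is not enough: `event.source` ties the message to the specific frame the extension created, and the fixed action set means the content script never has an `eval`-style path for a payload to take.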

 

Chapter 3: The Kill Chain — From a Single Click to Full Data Exfiltration

 

The attack is simple, stealthy, and devastating.

  1. **The Lure:** You click on a malicious link from a phishing email or a compromised website.
  2. **The Trigger:** The moment the malicious page loads, it silently sends the exploit payload to your installed Perplexity extension.
  3. **The Data Theft:** The malicious code, now running with the extension's privileges, uses those permissions to access your other open tabs. It can identify a tab with a valuable title (like "Outlook Inbox" or "Salesforce Dashboard"), read the entire HTML content of that page, and send it to a remote server controlled by the attacker.
  4. **The Impact:** Your private emails, confidential customer data, or any other sensitive information you had open in your browser has now been stolen, and you are completely unaware that it happened.

 

Chapter 4: The Defender's Playbook — Immediate Mitigation Steps

 

Until Perplexity issues an official patch, you must take proactive steps to protect yourself.

Step 1: Disable the Perplexity Extension Immediately

This is the only 100% effective mitigation.

  1. In your Chrome-based browser, type `chrome://extensions` into the address bar.
  2. Find the Perplexity AI extension in the list.
  3. Use the toggle switch to disable it, or click "Remove" to uninstall it completely.

Step 2: Audit All Extension Permissions

Use this event as a security check-up. Go through your list of extensions. For each one, click "Details" and review its permissions. Be critical. Does a simple "Screenshot Tool" really need permission to "read and change all your data on all websites"? If the permissions seem excessive, remove the extension and find a more privacy-respecting alternative.
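The permission warning quoted above ("read and change all your data on all websites") comes from an extension's manifest, so the same review can be done on the manifest file itself rather than one "Details" page at a time. The following is an added example and is not a tool from the article or from any vendor: it audits a Chrome manifest v3 object for all-sites host access, all-sites content scripts, and the API permissions (`tabs`, `scripting`, `webRequest`, `cookies`, `debugger`) that let an extension reach into other tabs, and rates the combination. The two sample manifests are constructed for illustration and describe no real extension.

```javascript
// Added example (not from the article or any vendor): a small audit of a
// Chrome extension manifest (v3) that flags the permissions behind the
// "read and change all your data on all websites" warning. Sample manifests
// below are constructed for illustration.

// Host-permission match patterns that grant access to every site.
const ALL_SITES = ['<all_urls>', '*://*/*', 'http://*/*', 'https://*/*'];

// API permissions that, combined with broad host access, let an extension
// enumerate other tabs and inject into them (the reach the kill chain relies on).
const TAB_REACH = new Set(['tabs', 'scripting', 'webRequest', 'cookies', 'debugger']);

function matchesAllSites(pattern) {
  return ALL_SITES.includes(pattern);
}

// Returns a list of finding tags; an empty list means nothing stood out.
function auditManifest(manifest) {
  const findings = [];
  const hosts = [
    ...(manifest.host_permissions || []),
    // Manifest v2 listed host patterns under "permissions"; include them too.
    ...(manifest.permissions || []).filter((p) => p.includes('://') || p === '<all_urls>'),
  ];
  if (hosts.some(matchesAllSites)) {
    findings.push('broad-host-access');
  }
  for (const p of (manifest.permissions || []).filter((p) => TAB_REACH.has(p))) {
    findings.push(`api:${p}`);
  }
  const scripts = manifest.content_scripts || [];
  if (scripts.some((cs) => (cs.matches || []).some(matchesAllSites))) {
    findings.push('content-script-on-all-sites');
  }
  return findings;
}

// Broad site access alone is a warning; broad access plus tab-reaching APIs
// means any bug in the extension becomes cross-tab data exposure.
function riskLevel(findings) {
  const broad = findings.includes('broad-host-access') || findings.includes('content-script-on-all-sites');
  const reach = findings.some((f) => f.startsWith('api:'));
  if (broad && reach) return 'high';
  if (broad || reach) return 'medium';
  return 'low';
}

// Constructed sample manifests (not any real extension's).
const screenshotTool = {
  manifest_version: 3,
  name: 'Screenshot Tool (sample)',
  permissions: ['activeTab'],
};
const aiAssistant = {
  manifest_version: 3,
  name: 'AI Assistant (sample)',
  permissions: ['tabs', 'scripting', 'storage'],
  host_permissions: ['<all_urls>'],
  content_scripts: [{ matches: ['<all_urls>'], js: ['content.js'] }],
};

for (const m of [screenshotTool, aiAssistant]) {
  const findings = auditManifest(m);
  console.log(`${m.name}: ${riskLevel(findings)} ${JSON.stringify(findings)}`);
}
```

The sample screenshot tool, which asks only for `activeTab`, produces no findings and rates low; the sample assistant, with `<all_urls>` host access, an all-sites content script and the `tabs` plus `scripting` APIs, rates high. That high rating is exactly the shape of the exposure in Chapter 3: once code runs with those permissions it can reach every open tab, so the question to ask of each installed extension is whether its job actually needs that combination.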

Step 3: Practice Good Tab Hygiene

As a general best practice, avoid keeping tabs with highly sensitive information (like your email, CRM, or banking portal) open in the background while you are browsing the web. This reduces your potential exposure if any of your extensions are ever compromised.

Block the Lure: This attack starts by luring you to a malicious website. Your first line of defense is a security suite that can block these sites before they ever load. **Kaspersky's Safe Browsing technology** is designed to provide this critical, real-time protection against phishing and malicious domains.

About the Author

CyberDudeBivash is a cybersecurity strategist with 15+ years in application security, browser security, and exploit analysis, advising organizations across APAC. [Last Updated: October 05, 2025]

 

#CyberDudeBivash #PerplexityAI #AI #BrowserExtension #CyberSecurity #ThreatIntel #InfoSec #DataTheft #XSS
