Perplexity Browser Extension Permissions: 4 Checks

Perplexity browser extension permissions are not a simple yes-or-no privacy question in 2026: Chrome appears narrower than Firefox at the manifest layer, yet a single optional all-sites grant can still decide whether an AI sidebar reads only Perplexity pages or can analyse almost any page you visit. I treat that contradiction as the real story, because the safest extension is not always the one with the fewest features. It is the one whose site access matches the work you actually need it to do.

This guide answers the Chrome permission question directly, then compares Firefox, Chrome, and Comet without flattening them into the same product. The current Chrome Web Store listing for Perplexity AI Companion identifies the extension, version, size, user count, and data-use declarations, while a June 2026 Chrome extension snapshot lists activeTab, scripting, and Perplexity domain host permissions. Firefox exposes its permission list more visibly: content blocking, tab access, Perplexity domain data access, and optional all-sites data access.

That difference matters to anyone installing Perplexity at work. In a browser, permission language is intentionally broad because the browser cannot know whether page summarisation, selected-text explanation, tab context, or domain-specific Q&A will expose a banking portal, a medical record, a customer dashboard, or a public news article. The practical answer is therefore measured rather than alarmist: use Perplexity extension access deliberately, restrict site-wide access when possible, and audit the extension again after major updates.

What Chrome Actually Requests in 2026

The clearest Chrome-specific answer is that the public Chrome Web Store page for Perplexity AI Companion does not show a full install-dialog permission string in the text captured by the store page, but it does confirm the extension identity, the owner-verification badge, version 1.0.21, a 1.29 MiB package size, and a workflow and planning category with roughly 400,000 users. Its listing also states that the developer disclosed no collection or use of user data, and that data is not sold or used outside the item’s core functionality.

For the manifest-level permission view, the most useful current snapshot I found was a Chrome-Stats ingestion dated 10 June 2026. It reported permissions of activeTab and scripting, with host permissions for the Perplexity web and WebSocket origins. That is meaningfully narrower than a default all-sites host permission. It also matches how a sidebar-style extension can behave: the extension can be invoked on the current active tab, inject or execute scripts when permitted, and communicate with Perplexity services.

Perplexity Browser Extension Permissions in Chrome

Chrome’s activeTab permission is designed as a least-privilege alternative to persistent access across the web. Google explains that activeTab gives temporary access to the active tab when the user invokes the extension and that access is revoked when the user navigates away or closes the tab. The scripting API documentation then adds the missing technical piece: a Manifest V3 extension that injects scripts needs the scripting permission plus either host permissions or activeTab.

During this evaluation, I treated that as a security-positive design, not a full privacy guarantee. activeTab reduces standing access, but it still gives the extension meaningful power on a page after a user gesture. If you click the extension while viewing a sensitive dashboard, the extension may receive page context needed to summarise or answer questions. That is not automatically malicious. It is the operating bargain of context-aware AI assistance.

Chrome Item	What It Allows	Practical Reading
activeTab	Temporary access to the active tab after the user invokes the extension	Lower standing risk than all-sites access, but still sensitive on private pages
scripting	Allows script injection or execution when paired with activeTab or host permission	Needed for page summaries and page-context actions
https://www.perplexity.ai/	Host access to Perplexity web pages	Expected for login, sidebar, and web app interaction
wss://www.perplexity.ai/	WebSocket communication with Perplexity services	Expected for live assistant sessions or streaming interactions
Chrome Web Store data disclosure	Developer states no collection or use of data in the listing	A disclosure is useful, but it is not a substitute for permission review

Users troubleshooting missing sidebars or blocked buttons should also check browser state, because extension conflicts are a common cause in this Perplexity troubleshooting guide.

How Firefox Shows the Same Risk More Plainly

Firefox makes the permission question more visible because the Mozilla Add-ons page lists required and optional permissions directly. As of the April 2026 Firefox listing, Perplexity version 1.0.1 required permission to block content on any page, access browser tabs, access data for perplexity.ai, and access data for www.perplexity.ai. The optional permission was access to data for all websites. The listing also said the developer reported that the extension does not require data collection.

The important distinction is that Firefox does not phrase the extension as simply an AI button. It shows the permissions as browser powers. Block content on any page can sound alarming, but it is common for extensions that need to modify page layout, hide elements, or run a sidebar experience. Access browser tabs can support tab identification, active-page awareness, or sidebar state. Perplexity-domain access is expected, because the extension must interact with the service it extends.

The optional all-websites permission is the boundary to watch. If you grant it, the extension may be able to read or change data across sites covered by that permission. For a page-summary feature, that may be exactly what you asked for. For a finance, legal, medical, HR, or customer-support tab, it may be too much. The safest rule is to treat all-websites access as a feature switch, not a default convenience.

Firefox Permission	Status	Plain-English Meaning
Block Content on Any Page	Required on Firefox	Can modify, hide, or inject interface elements on pages
Access Browser Tabs	Required on Firefox	Can inspect or interact with tab state needed for sidebar context
Access Data for perplexity.ai	Required on Firefox	Expected domain-level access for the Perplexity app
Access Data for www.perplexity.ai	Required on Firefox	Expected domain-level access for the main Perplexity website
Access Data for All Websites	Optional on Firefox	High-scope access that should be granted only when page-level features justify it

If a Firefox install begins to fail after permission changes, first rule out cache, VPN, and extension-state issues with these internal error checks.

What Site-Wide Access Actually Allows

Site-wide access is the permission phrase most likely to be misunderstood. It does not mean the extension has silently stolen every password in your browser. It means the browser has allowed the extension, within the scope of its code and declared capabilities, to read or change data on every matching site rather than only on Perplexity pages or only after a user gesture. That can include page text, selected content, visible DOM elements, form context, and page metadata. Browser rules, site isolation, password manager boundaries, operating-system controls, and the extension’s own implementation still matter.

Chrome gives users practical control after installation. Google’s Chrome Web Store Help says users can allow an extension to read and change site data when the extension is selected, on the current site, or on all sites. Chrome also lets users add or remove specific allowed sites from the extension details page. This is the setting that turns a broad permission into an operational policy.

For Perplexity, the correct setting depends on the task. If you only open Perplexity from the toolbar and ask general questions, on-click access or Perplexity-domain access is the more conservative choice. If you want one-click summaries of any article, the extension needs page context. If you expect the assistant to compare product pages, interpret web apps, or answer questions about the current domain, broader access becomes more useful and more sensitive.

Chrome Site Access Mode	Behaviour	Recommended Use
When You Select the Extension	Access is activated by a user action for the current tab or window	Best default for cautious individual users
On Current Site	The extension can automatically read and change data on one approved site	Useful for trusted research sites or internal knowledge portals
On Specific Sites	A curated allowlist defines where the extension can operate	Best enterprise compromise for repeat workflows
On All Sites	The extension can automatically read and change data on websites you visit	Only appropriate where page-wide AI assistance is a core need

Speed-focused users can pair safer site settings with efficient invocation, including the workflows covered in the keyboard shortcut guide.

Comet Changes the Permission Model

Comet should not be analysed as just another extension. Perplexity’s Comet browser is built on Chromium, which means it supports most Chrome Web Store extensions, but it also has its own assistant layer. The Comet help centre says users should install extensions through the Chrome Web Store and review extension ratings, permissions, and developer reputation before installing. That advice is basic, but it is exactly the right starting point because Chromium compatibility imports the Chrome extension risk model into Comet.

Comet Assistant adds a second model of access. Perplexity’s privacy and data-use help page says that, by default, Comet Assistant does not access or upload browsing history, the full list of open tabs, cookies or site data, passwords and autofill data, local files, or input typed on websites unless the user explicitly sends it in a request. It also says Comet sends data only when a request requires it, such as summarising the current tab, extracting selected text, completing a task that needs email or calendar access, or using @tab context. When page content, history items, or open-tab context are needed, Perplexity says this context may be stored for up to 30 days for Library and query-history features.

That framing is privacy-aware, but it also confirms the central trade-off. The more useful the browser assistant becomes, the more context it may need from the browser surface. TechCrunch reported Aravind Srinivas describing the browser as a path to “infinite retention” and a “cognitive operating system.” Those phrases explain why permissions are strategic, not incidental: the browser is where search, page context, and user intent meet.

Enterprise Comet adds stronger controls. Perplexity’s enterprise pages describe domain blocking, browser approvals, task limits for agents, MDM deployment, audit logs, and security controls developed with CrowdStrike. In the March 2026 changelog, Perplexity said enterprise administrators can configure hundreds of browser policies and control exactly which actions the AI agent can take. That is the governance version of the same user question: what can this assistant see, where can it act, and who approved it?

Mobile users comparing the app and Comet browser can use this iPhone setup guide to separate search-app permissions from browser-assistant behaviour.

Pricing, Limits, and Governance Context

Pricing belongs in a permissions article because access controls change by plan. A free or individual user mainly decides whether to grant a browser extension access. An enterprise buyer decides whether Browser Agent queries, file repositories, connectors, audit logs, SSO, SCIM, and data-retention policy create a controlled workflow or an unmanaged data path. Perplexity’s current plan comparison lists Free, Pro, Education Pro, Max, Enterprise Pro, Enterprise Max, and API access as distinct products.

The public Perplexity help centre lists Free with practically unlimited basic searches, three Pro Searches per day, and one Research query per month. Pro and Education Pro get weekly Pro Search limits for average use, monthly Create limits, advanced models, image generation, and up to 50 file uploads per Space. Max raises the ceiling for advanced use and costs $200 monthly or $2,000 annually on the web. Enterprise Pro starts at $40 per month or $400 per year per seat, while Enterprise Max is $325 per month or $3,250 per year per seat. The enterprise landing page expresses annual billing as lower monthly equivalents, which is why readers may see $34 and $271 per seat when billed annually.

The hidden limit is scope, not just price. Enterprise Pro gets 400 Pro Searches weekly, 50 Research queries monthly, 80 Browser Agent queries monthly, and 100 weekly thread file uploads. Enterprise Max lists 4,000 weekly Pro Searches, 500 Research queries monthly, 800 Browser Agent queries monthly, 1,000 weekly thread file uploads, 10,000 personal repository files, 5,000 files per Space, and 15 monthly videos. API access is separate: Perplexity’s Search API is $5 per 1,000 requests, and Sonar models have token and request fees. Enterprise web seats do not automatically include API access.

Plan	Price	Confirmed Limits or Scope	Best Fit
Free	$0	3 Pro Searches/day; 1 Research query/month; no Browser Agent queries	Light use and evaluation
Pro	Consumer paid plan	Weekly Pro Search limits for average use; monthly Create limits; advanced models; up to 50 files per Space	Individual research and page assistance
Education Pro	$10/month with verification	Pro feature set with education positioning	Students and educators
Max	$200/month or $2,000/year	Advanced-use limits; early access; Brain preview; higher support tier	Power users and heavy researchers
Enterprise Pro	$40/month or $400/year per seat	400 Pro Searches/week; 50 Research/month; 80 Browser Agent/month; 100 thread uploads/week	Teams needing admin controls
Enterprise Max	$325/month or $3,250/year per seat	4,000 Pro Searches/week; 500 Research/month; 800 Browser Agent/month; 10,000 personal files	High-volume enterprise research
API and Sonar	Pay as you go	Search API $5 per 1,000 requests; Sonar token and request fees vary by model and context	Developers and custom workflows

For a wider consumer-plan comparison, the site’s Pro vs Free comparison is useful, but official Perplexity documentation should remain the source of record for exact 2026 limits.

Security Evidence From 2026 Extension Research

The strongest argument for auditing Perplexity browser extension permissions is not that Perplexity is uniquely risky. It is that AI browser extensions as a category have become attractive targets. Unit 42’s April 2026 report, authored by Shresta Bellary Seetharam, Nabeel Mohamed, Billy Melicher, Oleksii Starov, Qinge Xie, and Fang Liu, said the team found 18 AI browser extensions marketed as productivity tools that were “not as they seem.” The report described remote access Trojans, meddler-in-the-middle attacks, infostealers, API interception, passive DOM observation, traffic proxying, and HTTPS response decryption.

LayerX’s 2026 report adds category-level context: it says 99 percent of enterprise users have at least one extension installed, about 25 percent have more than 10, roughly 15 percent have an AI extension, and AI extensions are 3x more likely to have access to cookies and 2.5x more likely to execute remote scripts. It also reports that 34 percent of extensions increased permissions in the previous 12 months, with AI extensions 6x more likely to have done so. Those numbers make quarterly review sound less like security theatre and more like routine hygiene.

Academic research reaches the same conclusion from another direction. The 2025 arXiv paper on malicious GenAI Chrome extensions curated 5,551 AI-themed Chrome Web Store extensions, identified 154 previously undetected malicious extensions, and analysed 341 malicious extensions in total, including 29 GenAI-related examples. Another 2025 paper, ASSURE, evaluated AI-powered browser extensions and reported 531 issues across six widely used extensions, including security vulnerabilities and content-alignment failures. The point is not that every AI extension is unsafe. The point is that permission review must be continuous because extension updates can change risk after a seemingly clean install.

Source	Key Finding	Relevance to Perplexity Users
Unit 42, April 2026	18 high-risk AI extensions reported to Google	AI productivity lures can hide RATs, MitM attacks, infostealers, and prompt interception
LayerX, 2026	15 percent of enterprise users have an AI extension installed	AI extensions are a growing, under-managed AI consumption channel
LayerX, 2026	34 percent of extensions increased permissions in 12 months	Permission drift should be reviewed after updates
GenAI Chrome Extensions paper, 2025	5,551 AI-themed extensions curated; 341 malicious extensions analysed	Store presence alone does not prove safety
ASSURE paper, 2025	531 issues across six AI browser extensions	LLM-powered extension testing needs security-specific methods

For Perplexity-specific platform scale and category context, compare these extension risks with the publication’s AI statistics breakdown.

Safety Audit Workflow Before You Install

A user-level safety audit does not require reverse-engineering the extension. It requires comparing what the extension asks for with what you actually need. During our 2026 evaluation, I used a four-part workflow: verify publisher identity, inspect permissions, test the least-permissive site-access setting, and re-check the extension after updates. This is deliberately simple because a security routine that users do not repeat is not a routine at all.

1. Verify publisher and listing history. Use the official Chrome Web Store or Mozilla Add-ons listing, check whether the publisher is connected to the official Perplexity website, and avoid similarly named clones.
2. Read the permission list before approving. In Chrome, check the install prompt and the extension details page. In Firefox, read the required and optional permissions on the listing.
3. Start narrow. In Chrome, prefer when you select the extension or specific-site access unless you know page-wide summaries across the open web are essential.
4. Test with non-sensitive pages first. Try a public article, a documentation page, and a Perplexity page before opening customer records, email, financial portals, or internal dashboards.
5. Review privacy declarations and data settings. A no-collection disclosure is useful, but sensitive page access should still be controlled locally.
6. Re-audit after major updates. Extension updates can add features, change permissions, or alter background behaviour. Review at least quarterly in professional environments.

Enterprises should make the same workflow policy-driven. Extension allowlists, blocked extension IDs, Chrome Enterprise policies, Comet Enterprise controls, data-loss prevention, and identity-provider rules should align. An AI extension used by a sales team reading public prospect pages is not the same risk as one used by finance staff inside accounting tools. Least privilege only works when it is mapped to a role and a workflow.

The most common bottleneck is not installation. It is feature expectation. If a user expects Perplexity to summarise any open page, the browser must allow page access. If IT restricts that access, the user may perceive a broken extension. Document the trade-off in plain language so support teams do not misdiagnose a deliberate restriction as a bug.

How to Restrict Permissions After Installation

Chrome users can restrict extension access without uninstalling Perplexity. Open the extensions menu, select the extension’s three-dot menu, point to site data access, and choose when you select the extension, on the current site, or on all sites. For a more durable setting, open Manage Extensions, choose Details for Perplexity AI Companion, and add or remove specific allowed sites under Permissions. Google’s help text notes an important limitation: these choices apply only to extension sites that match the extension’s host permissions, not to extensions that change lower-level network access through VPN or proxy settings.

Firefox users should review the listing and add-on manager. Firefox’s listed optional all-websites permission should be treated as the switch between Perplexity-domain functionality and broader page access. If a feature does not work after you deny all-sites access, that does not prove the extension is defective. It may mean the blocked feature genuinely needs the page content you are asking it to analyse.

In Comet, users have two layers to review: ordinary installed extensions and Comet Assistant prompts. The Comet help centre says installed extensions can be managed through Settings, Extensions, or the chrome://extensions path. Comet Assistant also uses first-run prompts for advanced agents or automation, with choices to allow once, always allow, or not allow. That means a user can keep a Chrome-style extension restricted while still approving a specific assistant action inside Comet when the task requires it.

My practical recommendation is to build a small allowlist. Add Perplexity’s own domains, any public research sites you regularly summarise, and perhaps one trusted internal knowledge portal if your organisation permits it. Do not add webmail, HR, banking, password management, customer support, or finance domains unless the workflow has a written reason and an owner. The permission question should be revisited whenever the team starts using a new feature, especially Browser Agent queries, Computer workflows, or MCP connectors.

If account access is confused with extension access, separate the two problems using this login recovery guide before changing permissions.

Enterprise Controls and Browser Policy Choices

For organisations, the right question is not whether Perplexity’s browser extension is safe in isolation. The right question is where AI-assisted browsing is allowed to operate. Perplexity Enterprise Pro and Enterprise Max include administrative controls, data privacy commitments, seat management, and higher usage limits. Perplexity’s Computer for Enterprise help page says admins can disable Computer entirely, manage connectors such as Gmail, Slack, GitHub, and Salesforce, and restrict connector availability from organisation permissions. The March 2026 changelog adds Snowflake, Salesforce, HubSpot, Slack, and custom MCP connectors to the practical governance surface.

Comet Enterprise widens the control plane. Perplexity describes granular assistant and agent controls that can block domains, set browser approvals, and limit tasks assigned to agents. It also says administrators can deploy Comet silently through MDM and monitor or restrict activity through policies and CrowdStrike-backed controls. This turns extension-style questions into browser-management questions: permitted domains, permitted actions, retention, auditability, connector scope, and human approval.

The key operational choice is whether to manage Perplexity as a user-installed extension, a sanctioned browser assistant, or an enterprise AI platform. Those are different controls. A user-installed extension is controlled through Chrome, Firefox, or Comet extension settings. A browser assistant is controlled through Comet prompts, agent permissions, and browser policies. An enterprise AI platform is controlled through SSO, SCIM, audit logs, data retention, repository limits, connector governance, and usage caps. Treating all three as one thing creates blind spots.

Jesse Dwyer, speaking for Perplexity in a TechRadar security dispute, rejected one Comet vulnerability claim as “entirely false” and stressed user consent for local MCP setup. Kabilan Sakthivel of SquareX warned that weak agentic controls could “reverse the clock” on browser security principles. Those views conflict, but both point to the same governance need: browser agents must make authority visible.

Capacity planning also matters, because permission expansion often follows usage growth; this monthly query data helps distinguish plan ceilings from browser restrictions.

Four Practical Checks for Perplexity Browser Extension Permissions

The article title promises four checks because that is the simplest repeatable audit. These checks work for individual users, editors, analysts, and IT teams that need a non-theatrical way to decide whether Perplexity’s extension access is appropriate.

Check One: Match Access to the Feature

Use Perplexity-domain access for general account, search, and sidebar workflows. Use on-click access when you only occasionally need page context. Use current-site or specific-site access for trusted domains you summarise repeatedly. Reserve all-sites access for workflows where the whole point is analysing arbitrary pages. If the feature does not need a page, the permission should not be broader than the page.

Check Two: Separate Extension Access From Comet Agent Access

A Chrome or Firefox extension permission allows extension behaviour. Comet Assistant permission allows an AI agent or automation to act within Comet. These are related but not identical. Review both. A user can have a conservative extension policy while allowing one Comet action this time only. That distinction is valuable because it converts permanent permission into situational approval.

Check Three: Protect High-Sensitivity Domains

Never start with all-sites access on confidential systems. Block or avoid HR, payroll, medical, banking, customer records, source-code repositories, and legal-workflow domains unless a formal workflow requires AI browser access. For enterprises, this check should become a domain policy, not a personal preference. For individuals, it should become a habit: summarise public pages first, not private portals.

Check Four: Watch for Permission Drift

LayerX’s 2026 finding that 34 percent of extensions increased permissions in a 12-month period should change user behaviour. A safe install in January is not a permanent decision. Review permissions after extension updates, after new Perplexity features, and after browser changes. Remove dormant extensions. A tool you no longer use is all risk and no benefit.

For broader context on Perplexity’s product scale, pricing, and usage trajectory, pair these checks with official documentation and the reference list rather than adding another browser-level permission.

Takeaways

• Chrome’s current Perplexity AI Companion evidence points to activeTab, scripting, and Perplexity-domain host permissions, not a default all-sites permission in the manifest snapshot reviewed.
• Firefox is clearer at install review because its listing shows required permissions and labels all-websites data access as optional.
• Site-wide access is powerful because it can let an extension read or change data across websites covered by that permission, so it should be granted only for page-context workflows.
• Comet is not merely a browser extension case. It combines Chromium extension compatibility with a separate assistant and agent permission model.
• Perplexity says Comet Assistant keeps browsing history, tab lists, cookies, passwords, autofill data, local files, and typed website input local by default unless a request needs context.
• Enterprise teams should manage Perplexity through allowlists, connector controls, SSO, SCIM, audit logs, data-retention policy, and domain restrictions rather than user choice alone.
• Security research in 2026 supports quarterly reviews, since AI extensions are an expanding target and permission drift is measurable across the extension ecosystem.
• The best default is narrow access first, all-sites access only by workflow need, and a written exception for sensitive domains.

Our Editorial Verification Process

This explainer was verified by cross-checking the Chrome Web Store listing for Perplexity AI Companion, the Firefox Add-ons permission listing, Chrome’s activeTab, scripting, permissions, and site-access documentation, Perplexity’s Comet privacy and extension help pages, Perplexity’s 2026 plan comparison, enterprise pricing FAQ, API pricing documentation, and recent security research from Unit 42, LayerX, arXiv, TechRadar, TechCrunch, and Hacktron. The evaluation did not assume unpublished Chrome permissions, did not claim an install-dialog permission that the live Chrome Web Store text did not expose, and separated primary-source Perplexity limits from third-party plan summaries. Every pricing figure, plan cap, browser-support statement, Comet privacy claim, and extension-security statistic in this article was tied to a documented 2025 or 2026 source rather than inferred from product marketing.

Conclusion

Perplexity browser extension permissions should be judged by scope, context, and control, not by panic over the word permission itself. The Chrome evidence reviewed here points to a relatively narrow extension design built around activeTab, scripting, and Perplexity domain access. Firefox shows a broader but clearer permission interface, with all-websites access treated as optional. Comet introduces a separate browser-assistant model where page context, tab references, agent prompts, and enterprise controls become the real governance questions.

The unresolved issue is not whether AI sidebars can be useful. They clearly can. The open question is whether users and organisations will keep authority visible as these assistants move from answering questions to taking actions. A good permission setup is therefore boring by design: narrow access, specific allowed sites, no casual all-sites approval, periodic review, and extra care on sensitive domains. As browser agents become normal, that boring discipline may become one of the most important habits in practical AI safety.

FAQs

What Permissions Does the Perplexity Chrome Extension Use?

The Chrome Web Store page confirms the official extension identity and metadata. A June 2026 Chrome-Stats snapshot reported activeTab, scripting, and Perplexity web and WebSocket host permissions. activeTab is temporary access to the current tab after a user gesture, while scripting supports page interaction when authorised.

Does Perplexity Need Access to All Websites?

Not for every workflow. If you only use Perplexity as a toolbar shortcut or on Perplexity pages, broader access may be unnecessary. If you want summaries or Q&A about any current webpage, some page-level access is needed. Grant all-sites access only when that feature is central to your use.

Is the Firefox Perplexity Add-On More Invasive Than Chrome?

It is more explicit. Firefox lists required permissions for content blocking, tab access, and Perplexity-domain data access, plus optional all-websites access. Chrome’s activeTab model can be narrower by default, but the final risk depends on site-access settings and user behaviour.

Can I Restrict Perplexity Extension Permissions After Installing?

Yes. In Chrome, open the extension menu or Manage Extensions, then change site data access to on-click, current-site, specific-sites, or all-sites. In Firefox, review add-on permissions and optional all-websites access. In Comet, manage installed extensions and assistant prompts separately.

Does Comet Upload My Browsing History?

Perplexity’s Comet privacy help page says browsing history, full tab lists, cookies, passwords, autofill data, local files, and typed website input stay local by default unless a task explicitly requires context. Context used for some requests may be stored for up to 30 days.

How Do I Check if a Perplexity Extension Is Safe?

Use the official store, verify the publisher, read permissions, start with the narrowest site access, test on non-sensitive pages, review privacy disclosures, and re-check permissions after updates. Remove similar-name clones, dormant extensions, and anything requesting access that does not match its feature set.

Should Enterprises Allow Perplexity Browser Extensions?

They can, but not casually. Enterprises should use extension allowlists, managed browser policy, SSO, SCIM, audit logs, connector governance, and domain restrictions. The safest policy defines where AI browsing is allowed, which data classes are excluded, and who approves broader access.

What Is the Biggest Permission Risk?

The biggest risk is granting persistent all-sites access without a clear workflow. That expands the extension’s potential reach across sensitive pages. Permission drift after updates is the second risk, which is why quarterly reviews matter for both individual users and managed fleets.

References

• Google. (2024). Declare permissions. Chrome for Developers. https://developer.chrome.com/docs/extensions/develop/concepts/declare-permissions
• Google. (2026). The activeTab permission. Chrome for Developers. https://developer.chrome.com/docs/extensions/develop/concepts/activeTab
• Google. (2026). chrome.scripting API. Chrome for Developers. https://developer.chrome.com/docs/extensions/reference/api/scripting
• Google. (2026). Install and manage extensions. Chrome Web Store Help. https://support.google.com/chrome_webstore/answer/2664769
• Mozilla. (2026). Perplexity: Firefox add-on listing. Mozilla Add-ons. https://addons.mozilla.org/en-US/firefox/addon/perplexity/
• Perplexity AI. (2026). Which Perplexity subscription plan is right for you? Perplexity Help Center. https://www.perplexity.ai/help-center/en/articles/11187416-which-perplexity-subscription-plan-is-right-for-you
• Perplexity AI. (2026). Comet Assistant privacy and data use. Comet Browser Help Center. https://comet-help.perplexity.ai/en/articles/12867415-comet-assistant-privacy-data-use
• Seetharam, S. B., Mohamed, N., Melicher, W., Starov, O., Xie, Q., & Liu, F. (2026). That AI extension helping you write emails? It’s reading them first. Unit 42. https://unit42.paloaltonetworks.com/high-risk-gen-ai-browser-extensions/
• Seetharam, S. B., Nabeel, M., & Melicher, W. (2025). Malicious GenAI Chrome extensions: Unpacking data exfiltration and malicious behaviours. arXiv. https://arxiv.org/abs/2512.10029
• Gao, X., Zhai, J., Ma, S., Xie, S., & Shen, C. (2025). ASSURE: Metamorphic testing for AI-powered browser extensions. arXiv. https://arxiv.org/abs/2507.05307
• Malik, A. (2025, June 5). Perplexity received 780 million queries last month, CEO says. TechCrunch. https://techcrunch.com/2025/06/05/perplexity-received-780-million-queries-last-month-ceo-says/