Episode Details

Back to Episodes
Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers

Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers

Published 3 months ago
Description

This story was originally published on HackerNoon at: https://hackernoon.com/obscure-mcp-api-in-comet-browser-breaches-user-trust-enabling-full-device-control-via-ai-browsers.
The research reveals that Comet has implemented a MCP API (chrome.perplexity.mcp.addStdioServer) that allows its embedded extensions to execute arbitrary local
Check more stories related to cybersecurity at: https://hackernoon.com/c/cybersecurity. You can also check exclusive content about #cybersecurity, #squarex, #cybernewswire, #press-release, #blockchain-development, #squarex-announcement, #crypto-exchange, #good-company, and more.

This story was written by: @cybernewswire. Learn more about this writer by checking @cybernewswire's about page, and for more stories, please visit hackernoon.com.

SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full control over users' devices. The research reveals that Comet has implemented a MCP API (chrome.perplexity.mcp.addStdioServer) that allows its embedded extensions to execute arbitrary local commands.

Listen Now

Love PodBriefly?

If you like Podbriefly.com, please consider donating to support the ongoing development.

Support Us