URL has been copied successfully!
Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers
URL has been copied successfully!

Collecting Cyber-News from over 60 sources

Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers


Tags: , , , ,

Palo Alto, California, November 19th, 2025, CyberNewsWire SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full control over users’ devices. The research reveals that Comet has implemented a MCP API (chrome.perplexity.mcp.addStdioServer) that allows its embedded extensions to execute arbitrary local […] The post Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

First seen on gbhackers.com

Jump to article: gbhackers.com/obscure-mcp-api-in-comet-browser-breaches-user-trust-enabling-full-device-control-via-ai-browsers/

Loading

Share via Email
Share on Facebook
Tweet on X (Twitter)
Share on Whatsapp
Share on LinkedIn
Share on Xing
Copy link

also interesting:

  1. Cybersecurity Snapshot: AI Data Security Best Practices Released, While New Framework Seeks To Help IT Pros Gain Cyber Skills
  2. The healthcare industry is at a cybersecurity crossroads
  3. Cybersecurity Snapshot: Top Guidance for Improving AI Risk Management, Governance and Readiness
  4. Agentic AI opens door to new ID challenges: Report