- SquareX found hidden MCP API in Comet browser enabling arbitrary native command execution
- Vulnerability in Agentic extension may let attackers hijack gadgets by way of compromised perplexity.ai web site
- Demo confirmed WannaCry execution; researchers warn catastrophic third‑get together danger is inevitable
Cybersecurity specialists at SquareX claims to have discovered a serious vulnerability in Comet, the AI browser constructed by Perplexity, which may let menace actors take over the sufferer’s machine, completely.
SquareX discovered the browser has a hidden API able to executing native instructions (instructions on the underlying working system, versus simply the browser).
That API, which the researchers named as MCP API (chrome.perplexity.mcp.addStdioServer), seems to be a customized implementation of a extra basic “Mannequin Context Protocol”, and “permits its embedded extensions to execute arbitrary native instructions on customers’ gadgets, capabilities that conventional browsers explicitly prohibit.”
Only a matter of time
For Kabilan Sakthivel, Researcher at SquareX, not adhering to strict safety controls the business advanced to, “reverses the clock on a long time of browser safety rules established by distributors like Chrome, Safari and Firefox.”
SquareX says it discovered the API within the Agentic extension, which might be triggered by the perplexity.ai web page. Meaning, ought to anybody break into the Perplexity web site, they may have entry to gadgets of all of its customers.
For the researchers, this isn’t a query of ‘if’, however relatively – ‘when’.
“A single XSS vulnerability, a profitable phishing assault towards a Perplexity worker, or an insider menace would immediately grant attackers unprecedented management by way of the browser over each Comet person’s machine,” their report notes.
“This creates catastrophic third-party danger the place customers have resigned their machine safety to Perplexity’s safety posture, with no simple technique to assess or mitigate the chance.”
SquareX additionally confirmed a demo during which the researchers spoofed a respectable extension, sideloaded it into the browser, and thru it injected a script into the perplexity.ai web page. This invoked the Agentic extension which, in the end, used MCP to execute WannaCry.
“Whereas the demonstration leveraged extension stomping, different methods reminiscent of XSS, MitM community assaults that exploit the perplexity.ai or the embedded extensions may also result in the identical outcome.”
We now have reached out to Perplexity about these findings and can replace the article once we hear again.
The very best antivirus for all budgets
Observe TechRadar on Google Information and add us as a most well-liked supply to get our knowledgeable information, critiques, and opinion in your feeds. Be certain that to click on the Observe button!
And naturally you can too observe TechRadar on TikTok for information, critiques, unboxings in video kind, and get common updates from us on WhatsApp too.
