Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers

Posted on
Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers

Palo Alto, California, November 19th, 2025, CyberNewsWire SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full control over users’ devices. The research reveals that Comet has implemented a MCP API (chrome.perplexity.mcp.addStdioServer) that allows its embedded extensions to execute arbitrary local […]

The post Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

​The original article found on GBHackers Security | #1 Globally Trusted Cyber Security News Platform Read More

Related Posts

Researchers Disclose Google Gemini AI Flaws Allowing Prompt Injection and Cloud Exploits

Researchers Disclose Google Gemini AI Flaws Allowing Prompt Injection and Cloud Exploits

Cybersecurity researchers have disclosed three now-patched security vulnerabilities impacting Google’s Gemini artificial intelligence (AI) assistant that, if successfully exploited, could have exposed users to major […]