- SquareX discovered a hidden MCP API in the Comet browser that allowed arbitrary local commands to be executed
- A vulnerability in the Agentic extension could allow attackers to hijack devices via the compromised perplexity.ai site
- The demo showed the execution of WannaCry; Researchers warn that catastrophic third-party risk is inevitable.
Cybersecurity experts at SquareX claim to have found a major vulnerability in Comet, the AI browser created by Perplexity, that could allow threat actors to completely take over a victim’s device.
SquareX discovered that the browser has a hidden API capable of executing local commands (commands on the underlying operating system, rather than just the browser).
That API, which the researchers called the MCP API (chrome.perplexity.mcp.addStdioServer), appears to be a custom implementation of a more general “Model Context Protocol” and “allows its built-in extensions to execute arbitrary local commands on users’ devices, capabilities that traditional browsers explicitly prohibit.”
It’s just a matter of time
For SquareX researcher Kabilan Sakthivel, not adhering to the strict security controls the industry evolved to “turns back the clock on decades of browser security principles established by vendors like Chrome, Safari and Firefox.”
SquareX says it found the API in the Agentic extension, which can be activated via the perplexity.ai page. That means that if someone logs into Perplexity’s site, they will have access to all of its users’ devices.
For researchers, it’s not a question of “if,” but rather “when.”
“A single
“This creates a catastrophic risk to third parties where users have resigned the security of their devices to Perplexity’s security posture, with no easy way to assess or mitigate the risk.”
SquareX also showed a demo in which researchers spoofed a legitimate extension, downloaded it to the browser, and through it injected a script into the perplexity.ai page. This invoked the Agentic extension which was ultimately used by MCP to execute WannaCry.
“While the demo took advantage of extension stomping, other techniques such as XSS, MitM network attacks exploiting perplexity.ai, or built-in extensions can also lead to the same result.”
We’ve contacted Perplexity about these findings and will update the article when we hear back.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
