BREAKING: A critical security flaw in the Comet browser, developed by Perplexity, has been uncovered, allowing hidden extensions to execute local commands on users’ devices without their knowledge. This alarming discovery by security researchers at SquareX raises significant concerns about user privacy and system integrity.
The vulnerability stems from an undocumented API known as MCP API, which enables embedded extensions to perform actions typically prohibited by traditional browsers. These extensions, including an analytics tool and an automation agent, operate without appearing in the browser’s extensions dashboard. This means users are unable to manage or disable them, despite the elevated permissions granted.
SquareX’s findings indicate that any compromise of the Comet browser, through methods such as cross-site scripting (XSS) or supply chain attacks, could allow hackers to execute malicious software like WannaCry directly on a victim’s device. In their tests, SquareX demonstrated how attackers could leverage the MCP API to execute ransomware and exfiltrate sensitive files, presenting a grave threat to users worldwide.
“Comet has implemented an MCP API that allows its embedded extensions to execute arbitrary local commands on host devices without explicit user permission,”
stated a SquareX researcher. This statement underscores the seriousness of the flaw, which effectively bypasses critical security measures designed to isolate browser operations from device-level commands.
The implications of this vulnerability extend beyond individual users, as organizations and enterprises may face heightened risks. The hidden nature of these extensions creates a potential third-party risk that could lead to severe cybersecurity incidents. Given the rapid evolution of AI-driven browsers, experts urge immediate action.
WHAT TO DO NOW:
Security teams are advised to treat AI browsers like Comet as high-risk applications. Here are critical steps to mitigate this vulnerability:
– Block or restrict the use of the Comet browser until Perplexity provides a full advisory and documented fixes.
– Implement strict application control and Mobile Device Management (MDM) policies to prevent unauthorized installations and extensions.
– Audit systems for any signs of unapproved extensions or unusual command activity.
– Enhance network monitoring to detect unexpected traffic from perplexity.ai subdomains.
– Adopt a zero-trust approach to limit access for AI-powered browsers within corporate environments.
The discovery of this flaw highlights a pressing issue in cybersecurity: the rapid advancement of AI browsers may outpace traditional security frameworks. As vendors rush to deploy new features, they risk introducing capabilities that could undermine established security protocols.
Organizations must remain vigilant, adopting strategies that assume even trusted tools may harbor hidden risks. The need for comprehensive defenses is more urgent than ever, as the potential impact of these vulnerabilities can be devastating.
This incident serves as a stark reminder that the landscape of cybersecurity is continuously evolving. Stakeholders must prioritize security to protect users and organizations from unforeseen threats posed by emerging technologies.
Stay tuned for further updates as SquareX and Perplexity continue to respond to this critical issue.
