By Sead Fadilpašić
Publication Date: 2025-11-20 18:32:00
- SquareX discovered hidden MCP API in Comet browser enabling arbitrary local command execution
- Vulnerability in Agentic extension could let attackers hijack devices via compromised perplexity.ai site
- Demo showed WannaCry execution; researchers warn catastrophic third‑party risk is inevitable
Cybersecurity experts at SquareX claim to have found a major vulnerability in Comet, the AI browser built by Perplexity, which could let threat actors take over a victim's device entirely.
SquareX found the browser has a hidden API capable of executing local commands (commands on the underlying operating system, as opposed to just the browser).
That API, which the researchers named the MCP API (chrome.perplexity.mcp.addStdioServer), appears to be a custom implementation of the more general "Model Context Protocol", and "allows its embedded extensions to execute arbitrary local commands on users' devices, capabilities that traditional browsers explicitly prohibit."
Just a matter of time
For Kabilan Sakthivel, Researcher at SquareX, not adhering to the strict security controls the industry has converged on "reverses the clock on decades of browser security principles established by vendors like Chrome, Safari and Firefox."
SquareX says it found the API in the Agentic extension, which can be triggered by the perplexity.ai page. That means that should anyone break into the Perplexity site, they would have access to the devices of all of its users.
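The two findings above, a vendor-private `chrome.*` namespace that is not part of the public extension API, and an extension surface reachable from a web page, are both things a defender can look for in an unpacked extension before trusting it. The following audit script is an added example written for this article; it is not SquareX's tooling or any code from Perplexity. It flags any `chrome.<namespace>` reference whose top-level namespace is not in a (partial, constructed) allowlist of public Chrome extension APIs, and it reports the `externally_connectable.matches` patterns from the manifest, which is one documented way a web origin can message an extension. The sample extension, its manifest, and the origin pattern are constructed for the demo; only the namespace name `chrome.perplexity.mcp.addStdioServer` comes from the article, and whether Comet's extension actually uses `externally_connectable` is an assumption.

```python
"""Static audit of an unpacked browser extension for non-public chrome.* namespaces
and for web origins allowed to message it. Example code, not vendor tooling."""
import json
import re
import tempfile
from pathlib import Path

# Constructed, partial allowlist of public Chrome extension API namespaces.
# Anything outside it is worth a closer look, not automatically malicious.
KNOWN_NAMESPACES = {
    "action", "alarms", "bookmarks", "browserAction", "commands", "contextMenus",
    "cookies", "debugger", "declarativeNetRequest", "downloads", "extension",
    "fontSettings", "history", "i18n", "identity", "idle", "management",
    "notifications", "offscreen", "permissions", "privacy", "proxy", "runtime",
    "scripting", "sessions", "sidePanel", "storage", "system", "tabGroups",
    "tabs", "topSites", "tts", "webNavigation", "webRequest", "windows",
}

# Matches chrome.<namespace>[.member[.member...]] in JavaScript source.
CHROME_API_RE = re.compile(r"\bchrome\.([A-Za-z_$][\w$]*)((?:\.[A-Za-z_$][\w$]*)*)")


def find_nonstandard_chrome_apis(source):
    """Return sorted, de-duplicated chrome.* paths whose namespace is not public."""
    hits = set()
    for m in CHROME_API_RE.finditer(source):
        namespace = m.group(1)
        if namespace not in KNOWN_NAMESPACES:
            hits.add("chrome." + namespace + m.group(2))
    return sorted(hits)


def external_origins(manifest):
    """Return match patterns allowed to message the extension from web pages
    (manifest key 'externally_connectable.matches'); empty if none declared."""
    return list(manifest.get("externally_connectable", {}).get("matches", []))


def audit_extension(root):
    """Walk an unpacked extension directory and build a findings report."""
    root = Path(root)
    report = {"nonstandard_apis": {}, "externally_connectable": []}
    manifest_path = root / "manifest.json"
    if manifest_path.exists():
        report["externally_connectable"] = external_origins(
            json.loads(manifest_path.read_text(encoding="utf-8")))
    for path in root.rglob("*.js"):
        hits = find_nonstandard_chrome_apis(
            path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report["nonstandard_apis"][path.relative_to(root).as_posix()] = hits
    return report


# Constructed sample extension: a normal external-message listener plus one call
# into a vendor-private namespace. The namespace is the one SquareX reported; the
# surrounding code, manifest and origin pattern are invented for this example.
SAMPLE_MANIFEST = {
    "manifest_version": 3,
    "name": "sample-agentic-extension",
    "version": "0.0.1",
    "background": {"service_worker": "bg.js"},
    "externally_connectable": {"matches": ["https://*.example-ai-site.test/*"]},
}
SAMPLE_BG_JS = """
chrome.runtime.onMessageExternal.addListener((msg, sender, reply) => {
  chrome.storage.local.get("cfg", (cfg) => {
    chrome.perplexity.mcp.addStdioServer(msg);  // non-public namespace
    reply({ok: true});
  });
});
"""


def demo():
    """Write the constructed extension to a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "manifest.json").write_text(json.dumps(SAMPLE_MANIFEST), encoding="utf-8")
        (root / "bg.js").write_text(SAMPLE_BG_JS, encoding="utf-8")
        return audit_extension(root)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it against a real unpacked extension directory with `audit_extension("/path/to/extension")`. A non-public namespace showing up in the same file as an external-message listener is the combination to escalate: it means a web origin listed in the manifest can reach code that calls into browser capabilities no public API exposes. The allowlist is deliberately incomplete, so expect to extend it for legitimate namespaces you encounter.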
For the researchers, this…