Comet's MCP API Allows AI Browsers to Execute Local Commands


Our research reveals that Comet has implemented an MCP API that allows its embedded extensions to execute arbitrary local commands on host devices without explicit user permission, including executing known ransomware.
Comet MCP API Vulnerability


Exploiting the MCP API to Execute Ransomware

Our research team also found an MCP API (chrome.perplexity.mcp.addStdioServer) that allows the Comet browser's Agentic Extension to execute arbitrary commands on the host machine.

To illustrate how the API could be abused, we show how an extension stomping attack can impersonate the Analytics Extension, eventually leading to ransomware being executed on the user's device without any user consent.

1. Comet has two embedded extensions: the Analytics Extension and the Agentic Extension. Both are installed by default and hidden from the extension dashboard.
2. Via an extension stomping attack, the attacker spoofs the Analytics Extension ID and sideloads the malicious extension in its place.
3. The malicious Analytics Extension injects a script into the perplexity.ai page, which in turn passes a command to the Agentic Extension.
4. The Agentic Extension uses the MCP API to run local apps and commands, including executing known malware like WannaCry.
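
A defender-side check for the stomping step described above, as an added example that is not SquareX's or Perplexity's code: it scans a Chromium-style profile's extension settings for an embedded extension ID that is registered from an unpacked or otherwise non-bundled location. The extension IDs are placeholders, and the preference layout and location values are assumed to match upstream Chromium.

```python
import json
from pathlib import Path

# Chromium ManifestLocation values stored per extension in a profile's
# "Preferences" / "Secure Preferences" files (assumed unchanged in Comet).
LOCATIONS = {1: "internal", 2: "external_pref", 3: "external_registry",
             4: "unpacked", 5: "component", 8: "command_line",
             10: "external_component"}
BUNDLED = {5, 10}  # locations expected for extensions shipped with the browser

# Placeholder IDs: the page does not publish the real ones.
EMBEDDED_IDS = {"a" * 32: "Comet Analytics Extension",
                "b" * 32: "Comet Agentic Extension"}

def load_pref_docs(profile_dir):
    """Parse whichever of the two preference files exist in a profile directory."""
    files = (Path(profile_dir) / n for n in ("Preferences", "Secure Preferences"))
    return [json.loads(f.read_text(encoding="utf-8")) for f in files if f.is_file()]

def find_stomped(pref_docs, embedded_ids=EMBEDDED_IDS):
    """Report embedded-extension IDs that are registered from a non-bundled source."""
    findings = []
    for doc in pref_docs:
        settings = doc.get("extensions", {}).get("settings", {})
        for ext_id, entry in settings.items():
            loc = entry.get("location")
            if ext_id not in embedded_ids or loc in BUNDLED:
                continue
            findings.append({"id": ext_id,
                             "expected": embedded_ids[ext_id],
                             "location": LOCATIONS.get(loc, f"unknown({loc})"),
                             "path": entry.get("path", "")})
    return findings

# Constructed sample data, not taken from a real Comet profile.
SAMPLE_DOCS = [
    {"extensions": {"settings": {
        "b" * 32: {"location": 5, "path": "comet_agent"},
        "c" * 32: {"location": 1, "path": "c" * 32 + "/1.0_0"}}}},
    {"extensions": {"settings": {
        "a" * 32: {"location": 4, "path": "/home/user/Downloads/analytics"}}}},
]

if __name__ == "__main__":
    for f in find_stomped(SAMPLE_DOCS):
        print(f"ALERT {f['expected']} ({f['id']}) loaded as {f['location']} from {f['path']}")
```

On a real endpoint, pass the result of load_pref_docs() for each browser profile directory and replace the placeholder IDs with the embedded extension IDs observed on a known-clean install.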


What Are Comet's Embedded Extensions?

When a user installs Comet, it comes with a set of embedded extensions:

  • Comet Analytics Extension - takes in and processes browser data, communicates with the server side and monitors actions performed by the agentic extension
  • Comet Agentic Extension - responsible for executing all agentic automation capabilities of the browser

Both extensions are installed without the user's explicit permission, and users have no option to disable them.

Comet Extensions Dashboard

The SquareX Solution

SquareX's extension turns any browser on any device into an enterprise-grade secure browser. SquareX is the only solution that combines all three key components of browser security in a single platform:

  • Browser Detection and Response to detect & mitigate web attacks including identity attacks, malicious extensions, advanced spearphishing attacks and malicious files
  • Enterprise browser to provide secure access to enterprise apps including VDI reduction, BYOD, 3rd party contractors and remote workers
  • Browser DLP including GenAI DLP, clipboard DLP, file DLP, insider attacks and data exfiltration attacks

The lightweight browser extension is compatible with all major browsers, including Chrome, Edge, Safari and Firefox, and can be easily deployed across both managed and unmanaged devices.