Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers

SquareX disclosed research showing the Comet AI Browser exposes an undocumented MCP API (chrome.perplexity.mcp.addStdioServer) that allows embedded extensions persistent, unrestricted local command execution. The team demonstrated an attack chain using extension-stomping and the Agentic extension to run WannaCry, noted embedded extensions are hidden from users and cannot be disabled, and warns this design creates severe third-party and supply-chain risk; SquareX calls for API disclosure, third-party audits, and user controls.