A Hidden API in Comet Browser Undermines User Security and Trust

Alarming Security Flaws in the Comet Browser

In a shocking revelation, SquareX has uncovered significant security vulnerabilities in the Comet Browser, brought to light through their recent research. The investigation identifies a hidden API, known as the MCP API, that grants extensions within the AI Browser the capability to execute local commands on users' devices. This discovery raises serious concerns about user trust and browser security protocols that have traditionally protected users.

What is the MCP API?

The MCP API, specifically `chrome.perplexity.mcp.addStdioServer`, was implemented in the Comet Browser, allowing embedded extensions to run arbitrary commands without user consent. This feature is fundamentally at odds with the security principles upheld by conventional browsers like Chrome, Safari, and Firefox, which have long prevented browser extensions from gaining such direct control.

Kabilan Sakthivel, a researcher at SquareX, emphasized that for many years, browser vendors have maintained strict security measures to guard against unauthorized access. The presence of the MCP API suggests that Comet has significantly deviated from these established norms to enhance its functionality, inadvertently eroding long-standing user protections.

The Risks Associated with the API

Currently, the MCP API can be accessed through the Agentic extension, triggered by the `perplexity.ai` page. This scenario opens a covert channel for Comet to tap into local data and execute commands without users being aware. While there is no immediate evidence suggesting that the MCP API is currently misused, the potential for future violations is evident. Any vulnerability—be it an XSS flaw or a phishing attack—could expose users' devices to unprecedented control by malicious actors.

In a test conducted by SquareX, the team demonstrated how an attacker could disguise a harmful extension as a legitimate one, thereby exploiting the hidden API. This manipulation could serve as a conduit for malware on an unsuspecting user's system, posing catastrophic risks for end-users and compromising their privacy.

Lack of Transparency and Accountability

The concerning aspect surrounding the MCP API is the lack of comprehensive documentation regarding its use and implications. There is minimal guidance available about how the API operates, and importantly, its potential for misuse is inadequately addressed. Users are left with no clear understanding of the risks posed by the API or how their personal data might be endangered by extensions operating under this relaxed security paradigm.

In a significant oversight, Comet has concealed critical extensions from its management dashboard. This lack of visibility prevents users from disabling extensions that could be compromised, effectively creating a hidden risk that goes undetected by both users and security teams alike. This hidden IT infrastructure poses a serious challenge for organizations trying to maintain a robust security posture while utilizing the Comet Browser.

A Call to Action for AI Browsers

While SquareX has shared these findings with Perplexity, the company has yet to respond publicly. This situation highlights a broader concern within the AI Browser space, where companies may prioritize rapid feature implementation over necessary security precautions and transparency. The existence of the MCP API within Comet could set a worrying precedent, emboldening other AI Browser developers to adopt similar practices that potentially compromise user safety.

Vivek Ramachandran, the founder of SquareX, underscores the importance of accountability from both users and the security community. He advocates for heightened scrutiny over AI-driven browsers, urging vendors to ensure clear disclosure of API functionalities and to submit to third-party security audits.

Without these essential safeguards, users face the risk of third-party exploitations and a reversion of decades of security advancements under the guise of innovation. As digital landscapes evolve, it is imperative that industry leaders commit to maintaining stringent security standards that protect users rather than undermining them in the race for technological supremacy.

In conclusion, the implications of the MCP API in the Comet Browser serve as a stark reminder of the potential vulnerabilities lurking beneath the surface of new technologies. As the discourse around web security continues, the call for transparency, accountability, and robust security practices in AI browsers is more critical than ever.