NextBigFuture

Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers

SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full control over users’ devices. The research reveals ...

Google Chrome at risk from shape-shifting browser extensions — how to stay safe

Just like malicious apps on your smartphone, malicious browser extensions can put your devices and the sensitive data stored ...
Dark Reading

260K+ Chrome Users Duped by Fake AI Browser Extensions

The Chrome Web Store has been infested with dozens of malicious browser extensions claiming to provide AI assistant functionality but that secretly are siphoning off personal information from victims.
Hosted on MSN

Chrome extension disguised as AI assistant expose 10K+ users OpenAI API keys

A Chrome browser extension posing as an artificial intelligence assistant is siphoning OpenAI credentials from more than 10,000 users and sending them to third-party servers. Cybersecurity platform ...
Bleeping Computer

Microsoft overhauls security for publishing Edge extensions

Microsoft has introduced an updated version of the "Publish API for Edge extension developers" that increases the security for developer accounts and the updating of browser extensions. When first ...
SiliconANGLE

SquareX warns hidden API in Perplexity’s Comet browser enables full device takeover

New research out today from browser security company SquareX Ltd. is warning of a hidden application programming interface in Perplexity AI Inc.’s Comet browser that allows extensions in the ...
Bleeping Computer

Google: Manifest V2 Chrome extensions to stop working in 2023

Google has shared the phase-out timeline for Manifest V2 Chrome extensions and its plans to bring Manifest V3 to full feature parity. Extension capabilities are restricted using a mechanism called ...