The Security Ledger

Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers

SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local ...

Perplexity's Comet AI browser may have some concerning security flaws which could let hacker hijack your device

SquareX discovered hidden MCP API in Comet browser enabling arbitrary local command execution Vulnerability in Agentic extension could let attackers hijack devices via compromised perplexity.ai site ...