Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers

SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full control over users’ devices. The research reveals that Comet has implemented a MCP API (chrome.perplexity.mcp.addStdioServer) that allows its embedded extensions to execute arbitrary local commands on users’ devices, capabilities that traditional browsers explicitly prohibit. Concerningly, there is limited official documentation on the MCP API. Existing documentation only covers the intent of the feature, without disclosing that Comet’s embedded extensions have persistent access to the API and the ability to launch local apps arbitrarily without user permission, creating a massive breach of user trust and transparency. 

“For decades, browser vendors have adhered to strict security controls that prevent browsers, and especially extensions, from directly controlling the underlying device,” explains Kabilan Sakthivel, Researcher at SquareX. “Traditional browsers require native messaging APIs with explicit registry ...