NextBigFuture

Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers

SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full control over users’ devices. The research reveals ...
Hosted on MSN

Chrome extension disguised as AI assistant expose 10K+ users OpenAI API keys

A Chrome browser extension posing as an artificial intelligence assistant is siphoning OpenAI credentials from more than 10,000 users and sending them to third-party servers. Cybersecurity platform ...
CSOonline

Hidden API in Comet AI browser raises security red flags for enterprises

SquareX has disclosed a previously undocumented API within the Comet AI browser that allows its embedded extensions to execute arbitrary commands and launch applications — capabilities mainstream ...
SiliconANGLE

SquareX warns hidden API in Perplexity’s Comet browser enables full device takeover

New research out today from browser security company SquareX Ltd. is warning of a hidden application programming interface in Perplexity AI Inc.’s Comet browser that allows extensions in the ...
Bleeping Computer

Google Chrome extension used to steal cryptocurrency, passwords

An information-stealing Google Chrome browser extension named 'VenomSoftX' is being deployed by Windows malware to steal cryptocurrency and clipboard contents as users browse the web. This Chrome ...
Dark Reading

ChatGPT Browser Extension Hijacks Facebook Business Accounts

A threat actor may have compromised thousands of Facebook accounts — including business accounts — via a sophisticated fake Chrome ChatGPT browser extension which, until earlier this week, was ...
Hosted on MSN

What is a WebExtension, and how is it different from a Chrome extension?

If you want to develop browser extensions for Chrome, Safari, Firefox, Opera, and other browsers, you’ve probably seen the phrase ‘WebExtension’ in support documents. Even though WebExtensions and ...