Perplexity's Comet AI browser may have some concerning security flaws which could let hacker hijack your device

News
By published

SquareX says it found a 'hidden API' in the Comet browser

Abstract image of cyber security in action.
OpenVPN-protokollet - därför är det så bra (Image credit: Shutterstock)
  • SquareX discovered hidden MCP API in Comet browser enabling arbitrary local command execution
  • Vulnerability in Agentic extension could let attackers hijack devices via compromised perplexity.ai site
  • Demo showed WannaCry execution; researchers warn catastrophic third‑party risk is inevitable

Cybersecurity experts at SquareX claims to have found a major vulnerability in Comet, the AI browser built by Perplexity, which could let threat actors take over the victim’s device, entirely.

SquareX found the browser has a hidden API capable of executing local commands (commands on the underlying operating system, as opposed to just the browser).

That API, which the researchers named as MCP API (chrome.perplexity.mcp.addStdioServer), appears to be a custom implementation of a more general “Model Context Protocol”, and “allows its embedded extensions to execute arbitrary local commands on users’ devices, capabilities that traditional browsers explicitly prohibit.”

Just a matter of time

For Kabilan Sakthivel, Researcher at SquareX, not adhering to strict security controls the industry evolved to, “reverses the clock on decades of browser security principles established by vendors like Chrome, Safari and Firefox.”

SquareX says it found the API in the Agentic extension, which can be triggered by the perplexity.ai page. That means, should anyone break into the Perplexity site, they will have access to devices of all of its users.

For the researchers, this is not a question of ‘if’, but rather - ‘when’.

“A single XSS vulnerability, a successful phishing attack against a Perplexity employee, or an insider threat would instantly grant attackers unprecedented control via the browser over every Comet user's device,” their report notes.

“This creates catastrophic third-party risk where users have resigned their device security to Perplexity's security posture, with no easy way to assess or mitigate the risk.”

SquareX also showed a demo in which the researchers spoofed a legitimate extension, sideloaded it into the browser, and through it injected a script into the perplexity.ai page. This invoked the Agentic extension which, ultimately, used MCP to execute WannaCry.

“While the demonstration leveraged extension stomping, other techniques such as XSS, MitM network attacks that exploit the perplexity.ai or the embedded extensions can also lead to the same result.”

We have reached out to Perplexity about these findings and will update the article when we hear back.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.