NextBigFuture

Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI ...

SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full control over users’ devices. The research reveals ...
ZDNet

5 browser extension rules to live by to keep your system safe in 2025

Some people view browser extensions as a necessary piece of the puzzle, while others see them as a danger. So, how could something so small present such a problem for users? Consider a recent report ...
CSOonline

Chrome extension privacy promises undone by hardcoded secrets, leaky HTTP

Chrome extensions were spotted leaking sensitive browser data like API keys, secrets, and tokens via unguarded HTTP transmissions and hardcoded spills. Seemingly harmless Chrome extensions aimed at ...
Dark Reading

'CrossBarking' Attack Targeted Secret APIs, Exposing Opera Browser Users

Researchers have uncovered a fresh browser attack that compromises "private" application programming interfaces (APIs) in Opera to allow carte blanche over victims' browsers. Browser APIs provide a ...
SiliconANGLE

SquareX warns hidden API in Perplexity’s Comet browser enables full device takeover

New research out today from browser security company SquareX Ltd. is warning of a hidden application programming interface in Perplexity AI Inc.’s Comet browser that allows extensions in the ...
来自MSN

What is a WebExtension, and how is it different from a Chrome extension?

If you want to develop browser extensions for Chrome, Safari, Firefox, Opera, and other browsers, you’ve probably seen the phrase ‘WebExtension’ in support documents. Even though WebExtensions and ...