Morningstar

Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers

PALO ALTO, Calif., Nov. 19, 2025 /PRNewswire/ -- SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full ...

Experts warn Claude Chrome extension could let hackers hijack your online browsing

Prompt injection attacks can now be carried out in browser extensions, experts warn.
Bleeping Computer

Microsoft overhauls security for publishing Edge extensions

Microsoft has introduced an updated version of the "Publish API for Edge extension developers" that increases the security for developer accounts and the updating of browser extensions. When first ...
Infosecurity Magazine

Experts Sound Alarm Over “Prompt Poaching” Browser Extensions

Security experts have warned users to beware of malicious Chrome extensions designed to secretly monitor and exfiltrate users ...