Summary: Researchers from ExtensionTotal have discovered a potentially dangerous Chrome extension that uses the Model Context Protocol (MCP) to perform unauthorized actions on user machines. Because the MCP architecture is open by default, the finding raises serious security concerns, particularly about how easily extensions can communicate with local services and access sensitive resources. The findings highlight a critical security gap that could expose users to a wide range of threats.
Affected: Google Chrome, Model Context Protocol (MCP) architecture
Key points:
- The suspicious Chrome extension can perform actions without user permissions, leveraging MCP servers that communicate via Server-Sent Events (SSE).
- MCP architecture allows agents to interact with local resources seamlessly, but its open nature makes it vulnerable to exploitation by malicious browser extensions.
- The ExtensionTotal researchers demonstrated that Chrome’s sandboxing features do not effectively isolate extensions from local MCP servers, leading to significant security risks.
Source: https://www.infosecurity-magazine.com/news/chrome-extension-ai-engine-act-mcp/
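Added example (not from the article or from ExtensionTotal): one way a locally running MCP server with an SSE endpoint could stop being "open by default" is to gate every request before the stream is opened. The function name, the bearer-token scheme, the port and the extension ID below are assumptions made for illustration.

```python
import hmac
from urllib.parse import urlsplit

LOOPBACK_NAMES = {"127.0.0.1", "localhost", "::1"}


def authorize_sse_request(headers, expected_token, allowed_origins=frozenset()):
    """Return (allowed, reason) for a request to a local MCP SSE endpoint.

    The policy (loopback Host, Origin allowlist, bearer token) is an
    assumption of this example, not taken from the article.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}

    # 1. The Host header must name the loopback interface.
    try:
        hostname = urlsplit("//" + h.get("host", "")).hostname
    except ValueError:
        hostname = None
    if hostname not in LOOPBACK_NAMES:
        return False, "host is not loopback"

    # 2. Origin is set by browser contexts (pages, extensions); the assumed
    #    legitimate client is a native process that sends none.
    origin = h.get("origin")
    if origin is not None and origin not in allowed_origins:
        return False, "origin not allowed"

    # 3. Require a per-install secret, compared in constant time.
    scheme, _, presented = h.get("authorization", "").partition(" ")
    if not expected_token or scheme.lower() != "bearer" or not hmac.compare_digest(
        presented.encode(), expected_token.encode()
    ):
        return False, "missing or invalid token"
    return True, "ok"


if __name__ == "__main__":
    token = "constructed-demo-token"  # constructed sample value
    samples = [  # constructed requests; port and extension ID are made up
        {"Host": "127.0.0.1:3001", "Authorization": "Bearer " + token},
        {"Host": "127.0.0.1:3001"},
        {"Host": "localhost:3001", "Authorization": "Bearer " + token,
         "Origin": "chrome-extension://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"},
    ]
    for req in samples:
        print(authorize_sse_request(req, token), req)
```

The token check is the control that matters here; the Origin check only adds a second barrier for callers that send that header.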