blog.extensiontotal.com
Trust Me, I’m Local: Chrome Extensions, MCP, and the Sandbox Escape
[A]ny Chrome extension can exploit this. No special permissions required. If there’s a vulnerable MCP server running on a host machine, that’s it. We’ve already found vulnerable MCP servers tied to services like filesystem access, Slack, WhatsApp, and more. This isn’t just a theoretical risk anymore, it’s real, and the impact could be devastating.
Yikes.