Chrome Extension Localhost Vulnerability: Sandbox Escape
2025-05-01
A critical Chrome extension security vulnerability has been discovered. Malicious extensions can communicate with locally running Model Context Protocol (MCP) servers, bypassing Chrome's sandbox, accessing sensitive resources such as the local filesystem, Slack, and WhatsApp, and potentially achieving complete host takeover. Any Chrome extension can do this without needing special permissions. The root cause is that MCP servers commonly lack authentication, so they accept unauthenticated requests. Researchers demonstrated access to the filesystem and Slack. This highlights the urgent need for enhanced security when running local MCP servers, and it presents a significant enterprise security threat.
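The root cause named above is unauthenticated access to a local server. The following is an added example, not code from the researchers or from any MCP project, showing a request gate such a server could apply before dispatching any tool call. It assumes the server speaks HTTP on loopback; the port, `ALLOWED_HOSTS`, `new_session_token` and `authorize` are hypothetical names.

```python
import hmac
import secrets

# Assumption: the local server listens on loopback HTTP; the port is constructed.
ALLOWED_HOSTS = {"127.0.0.1:8931", "localhost:8931"}


def new_session_token() -> str:
    """Per-launch secret handed to the legitimate client out of band
    (for example via a file readable only by the current user)."""
    return secrets.token_urlsafe(32)


def authorize(headers: dict, expected_token: str) -> tuple:
    """Return (http_status, reason) for a request to the local tool server."""
    h = {k.lower(): v for k, v in headers.items()}

    # Reject unexpected Host values (defence against DNS rebinding).
    if h.get("host") not in ALLOWED_HOSTS:
        return 403, "unexpected Host"

    # Browser contexts (web pages, extensions) may attach an Origin header;
    # the legitimate desktop client assumed here never does. This is defence
    # in depth only, because a request can arrive with no Origin at all.
    origin = h.get("origin")
    if origin is not None:
        return 403, "browser origin not allowed: " + origin

    # Primary control: a bearer token, compared in constant time.
    scheme, _, presented = h.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not presented:
        return 401, "missing bearer token"
    if not hmac.compare_digest(presented.encode(), expected_token.encode()):
        return 401, "bad token"
    return 200, "ok"


if __name__ == "__main__":
    token = new_session_token()
    # Constructed sample requests (header dictionaries only, no network I/O).
    samples = [
        {"Host": "127.0.0.1:8931", "Authorization": "Bearer " + token},
        {"Host": "127.0.0.1:8931"},
        {"Host": "127.0.0.1:8931", "Origin": "chrome-extension://example-id"},
    ]
    for req in samples:
        print(authorize(req, token))
```

The token check is what closes the unauthenticated path; the Host and Origin checks only narrow who gets to attempt it.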