Trust Me, I'm Local: Chrome Extensions, MCP, and the Sandbox Escape

Trust Me, I’m Local: Chrome Extensions, MCP, and the Sandbox Escape Yuval Ronen Follow 6 min read · Apr 24, 2025 -- Listen Share Let’s talk about MCPs. You’ve probably heard of them, and maybe you’ve read the security risks associated with them. Sure, they sound worrying, but when you put them into a real-world context, they can quickly become far more concerning than you can ever imagine. Just last week, our system flagged a suspicious Chrome extension. It sent messages to a port on localhost — nothing too odd at first glance, but as we dug deeper, we found that this extension communicated with an MCP server running on the local machine. The fact that Chrome extensions can communicate with MCPs is a serious risk. The consequences are enormous. The usual security measures like Chrome’s sandbox model, don’t stand a chance. You’re looking at unauthenticated access to the filesystem and, in some cases, a full machine takeover. That’s not just a small issue; that’s a massive, game-chan ... Read full article.