Cursor’s embedded browser is at risk due to a critical vulnerability that allows attackers to inject arbitrary code via compromised MCP servers. The attack starts when users download a malicious MCP server, which enables attackers to modify Cursor’s internal browser environment without proper verification. By exploiting the absence of checksum verification, attackers can replace the browser’s content with controlled HTML, creating convincing fake login pages to harvest user credentials. This vulnerability poses significant risks as it could grant attackers full access to corporate networks once developer credentials are compromised.
The attack process is straightforward, requiring merely the enabling of a malicious MCP server. Once operational, the malicious code remains active across all browser tabs, enabling ongoing access and control. The implications of this vulnerability extend beyond individual developers, representing a significant threat to organizational security. Compromised MCP servers can manipulate system components and execute unauthorized actions without user awareness, highlighting a broader supply chain risk. Industry professionals are urged to enforce stringent policies regarding MCP server usage and to verify server sources thoroughly to mitigate these risks.
👉 Pročitaj original: Cyber Security News
