Intelligence
Severity: High | Type: Vulnerability | Status: Active

AppleScript Code Injection in Anyquery Chrome Plugin via Unescaped URL Interpolation

Anyquery's chrome_tabs plugin fails to escape user-supplied URLs before interpolating them into AppleScript templates executed via osascript, allowing authenticated local users to inject arbitrary AppleScript commands and achieve OS-level code execution on macOS.

Sebastion

CVE References

Affected

julien040/anyquery (≤0.4.4)

Vulnerability Description

The vulnerability is classified as CWE-94 (Improper Control of Generation of Code). The root cause is unsafe string interpolation: the chrome_tabs plugin takes the URL value from a SQL INSERT or UPDATE statement and drops it straight into an AppleScript template with fmt.Sprintf(newTabScript, url), with no escaping or validation, then executes the resulting text with osascript -e. AppleScript ends statements at newlines and writes property records as {key:value} in curly braces, so a URL value that closes the string literal and the record (a quote followed by a brace) and then contains a newline terminates the make new tab statement early; everything after the newline is parsed as further AppleScript statements, including do shell script, which runs arbitrary shell commands with the privileges of the anyquery process.

Proof-of-Concept Significance

The PoC shows that the bug is reliably exploitable under realistic conditions: anyone who can issue SQL statements to anyquery, whether through the local CLI or a connection to its server, can craft an INSERT or UPDATE that triggers code execution. The attack surface is limited to users who already have that access, but it becomes a privilege escalation vector when anyquery runs with higher privileges than the querying user, or when several local users share a system and can reach its endpoint. The same unescaped template pattern appears in the Brave, Edge and Safari plugins, so the flaw spans the Chromium-based browsers and Safari on macOS rather than Chrome alone.

Detection Guidance

Defenders should monitor for:

  • Process execution logs: Watch for osascript -e invocations whose parent is an anyquery process, particularly where the script text contains do shell script or other command execution keywords.
  • SQL audit logs: If available, inspect anyquery's SQL query logs for INSERT/UPDATE statements targeting chrome_tabs whose URL value contains newline or carriage return characters (raw, percent-encoded as %0a/%0d, or assembled with SQLite's char(10)/char(13) or a blob literal, since anyquery speaks SQLite's dialect) or other unusual characters.
  • AppleScript analysis: Examine any AppleScript code passed to osascript for statements beyond the expected tell / make new tab / end tell shape of the template.
  • Process tracing: Correlate unexpected child processes of anyquery with recent SQL operations. On current macOS the practical source is Endpoint Security based tooling (for example eslogger exec on macOS 13 and later, or an EDR agent); dtrace requires System Integrity Protection to be relaxed, and fs_usage reports file-system and I/O activity rather than process creation, so neither is a reliable substitute.
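The checks above, as an added example in Go that is not part of the original advisory: it runs the process-execution, SQL-audit-log and AppleScript-analysis rules over a handful of constructed events and returns the alerts. The ProcessEvent field set, the anyquery query-log shape, the chrome_tabs url column name and the allowlist of expected statement prefixes are assumptions made for the example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// ProcessEvent is a minimal process-execution record in the shape an EDR
// export or an Endpoint Security based logger might emit. The field set is
// an assumption for this example.
type ProcessEvent struct {
	Parent string // parent process image name
	Exe    string // executed image path
	Script string // text passed to osascript -e, as logged (newlines kept)
}

// writeToChromeTabs matches INSERT/UPDATE statements that target chrome_tabs,
// across line breaks and regardless of case.
var writeToChromeTabs = regexp.MustCompile(`(?is)^\s*(insert|update)\b.*\bchrome_tabs\b`)

// newlineMarkers are the ways a newline or carriage return can reach the URL
// value: raw, percent-encoded, or built with SQLite's char() / blob literal
// syntax (anyquery speaks SQLite's dialect).
var newlineMarkers = []string{"\n", "\r", "%0a", "%0d", "char(10)", "char(13)", "x'0a'", "x'0d'"}

// expectedPrefixes are the statement shapes a legitimate new-tab script is
// assumed to contain, based on the advisory's description of the template.
var expectedPrefixes = []string{"tell ", "end tell", "make new tab", "on run", "end run"}

// suspiciousSQL implements the SQL-audit-log check: a chrome_tabs write whose
// text carries a newline marker.
func suspiciousSQL(stmt string) (bool, string) {
	if !writeToChromeTabs.MatchString(stmt) {
		return false, ""
	}
	lower := strings.ToLower(stmt)
	for _, m := range newlineMarkers {
		if strings.Contains(lower, m) {
			return true, fmt.Sprintf("chrome_tabs write contains %q", m)
		}
	}
	return false, ""
}

// unexpectedStatements implements the AppleScript-analysis check: every
// non-empty line of the script that does not start with an expected prefix.
func unexpectedStatements(script string) []string {
	var out []string
	for _, line := range strings.Split(script, "\n") {
		line = strings.TrimSpace(line)
		if line == "" {
			continue
		}
		ok := false
		for _, p := range expectedPrefixes {
			if strings.HasPrefix(strings.ToLower(line), p) {
				ok = true
				break
			}
		}
		if !ok {
			out = append(out, line)
		}
	}
	return out
}

// suspiciousProcess implements the process-execution check: osascript spawned
// by anyquery whose script contains "do shell script" or any statement
// outside the expected template.
func suspiciousProcess(e ProcessEvent) (bool, string) {
	if !strings.EqualFold(e.Parent, "anyquery") || !strings.HasSuffix(e.Exe, "/osascript") {
		return false, ""
	}
	if strings.Contains(strings.ToLower(e.Script), "do shell script") {
		return true, "osascript from anyquery contains 'do shell script'"
	}
	if extra := unexpectedStatements(e.Script); len(extra) > 0 {
		return true, "osascript from anyquery contains unexpected statement: " + extra[0]
	}
	return false, ""
}

// Constructed sample events for the example; these are not real logs.
var sampleProcesses = []ProcessEvent{
	{Parent: "anyquery", Exe: "/usr/bin/osascript", Script: "tell application \"Google Chrome\"\n\ttell front window\n\t\tmake new tab with properties {URL:\"https://example.com\"}\n\tend tell\nend tell"},
	{Parent: "anyquery", Exe: "/usr/bin/osascript", Script: "tell application \"Google Chrome\"\n\ttell front window\n\t\tmake new tab with properties {URL:\"https://example.com/\"}\ndo shell script \"id > /tmp/out\"\n--\"}\n\tend tell\nend tell"},
	{Parent: "Terminal", Exe: "/usr/bin/osascript", Script: "do shell script \"ls\""}, // not anyquery's child
}

var sampleSQL = []string{
	"INSERT INTO chrome_tabs (url) VALUES ('https://example.com')",
	"INSERT INTO chrome_tabs (url) VALUES ('https://example.com/\"}' || char(10) || 'do shell script \"id\"')",
	"UPDATE chrome_tabs SET url = 'https://example.com/\"}\ndo shell script \"id\"' WHERE id = 1",
	"SELECT url FROM chrome_tabs WHERE title LIKE '%0a%'", // a read, out of scope
}

// scan applies both rule sets and returns one reason string per alert.
func scan(procs []ProcessEvent, stmts []string) []string {
	var alerts []string
	for _, p := range procs {
		if ok, why := suspiciousProcess(p); ok {
			alerts = append(alerts, why)
		}
	}
	for _, s := range stmts {
		if ok, why := suspiciousSQL(s); ok {
			alerts = append(alerts, why)
		}
	}
	return alerts
}

func main() {
	for _, a := range scan(sampleProcesses, sampleSQL) {
		fmt.Println("ALERT:", a)
	}
}
```

The SQL rule deliberately ignores SELECTs and the process rule ignores osascript runs that anyquery did not spawn, so the two benign samples and the Terminal-launched script produce no alert while the three injected samples do.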

Mitigation Steps

Immediate actions:

  1. Upgrade to a patched version once released (advisory shows 0.4.4 is vulnerable).
  2. Apply input validation: implement strict URL parsing and reject any URL containing newlines, carriage returns, or other control characters before they reach the script templating stage.
  3. Keep the URL out of the script text entirely: pass it to osascript as a trailing argument and read it in the script's on run argv handler, so it can never be parsed as AppleScript. If the template must stay, first reject newlines and other control characters (a raw line break is what lets a new statement begin), then escape the value for an AppleScript string literal (backslash and double quote) before interpolating it.
  4. Implement principle of least privilege: run anyquery with minimal necessary permissions and avoid running it as root or with elevated capabilities.
  5. Restrict local network access: limit which users can connect to and query the anyquery service.
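As an added example that is not anyquery's own code, the Go program below ties the description of the fmt.Sprintf template to mitigation steps 2 and 3: it reproduces the unsafe interpolation, then shows a hardened variant that validates and escapes before templating, and a second variant that keeps the URL out of the script altogether by handing it to osascript as a run-handler argument. The template wording, the "Google Chrome" target, the function names and the payload are assumptions constructed for the example; the program only builds the script text and argument list and never invokes osascript, so it runs on any platform.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// newTabScript is a constructed template in the shape the advisory describes:
// the URL lands inside a {URL:"..."} record and the text goes to osascript -e.
// Wording and the "Google Chrome" target are assumptions, not anyquery's source.
const newTabScript = `tell application "Google Chrome"
	tell front window
		make new tab with properties {URL:"%s"}
	end tell
end tell`

// vulnerableScript reproduces the unsafe pattern: fmt.Sprintf with no
// validation or escaping, so the URL is parsed as AppleScript source.
func vulnerableScript(rawURL string) string {
	return fmt.Sprintf(newTabScript, rawURL)
}

// validateURL rejects anything that could be read as AppleScript syntax once
// templated: control characters (newline, carriage return and the rest),
// unparseable URLs, URLs without a host, and schemes other than http/https.
func validateURL(rawURL string) error {
	for _, r := range rawURL {
		if r < 0x20 || r == 0x7f {
			return errors.New("url contains a control character")
		}
	}
	u, err := url.Parse(rawURL)
	if err != nil {
		return err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return fmt.Errorf("unsupported scheme %q", u.Scheme)
	}
	if u.Host == "" {
		return errors.New("url has no host")
	}
	return nil
}

// escapeAppleScriptString escapes a value for an AppleScript double-quoted
// string literal: backslash and double quote are the characters that can end
// or alter the literal. Control characters are refused by validateURL instead.
func escapeAppleScriptString(s string) string {
	return strings.NewReplacer(`\`, `\\`, `"`, `\"`).Replace(s)
}

// hardenedScript keeps the template but validates and escapes the value first.
func hardenedScript(rawURL string) (string, error) {
	if err := validateURL(rawURL); err != nil {
		return "", err
	}
	return fmt.Sprintf(newTabScript, escapeAppleScriptString(rawURL)), nil
}

// hardenedArgs never interpolates the URL into the script: osascript hands
// trailing command-line arguments to the script's `on run argv` handler, so
// the URL reaches AppleScript as data rather than as source text.
func hardenedArgs(rawURL string) ([]string, error) {
	if err := validateURL(rawURL); err != nil {
		return nil, err
	}
	const script = `on run argv
	tell application "Google Chrome"
		tell front window
			make new tab with properties {URL:(item 1 of argv)}
		end tell
	end tell
end run`
	return []string{"osascript", "-e", script, rawURL}, nil
}

func main() {
	// Constructed payload: closes the string literal and the record, starts a
	// new line with an injected statement, then comments out the rest of the
	// template line with "--" so the script still compiles.
	payload := "https://example.com/\"}\ndo shell script \"id\"\n--"

	fmt.Println("--- vulnerable script built from the payload ---")
	fmt.Println(vulnerableScript(payload))
	if _, err := hardenedScript(payload); err != nil {
		fmt.Println("hardenedScript rejected the payload:", err)
	}
	if _, err := hardenedArgs(payload); err != nil {
		fmt.Println("hardenedArgs rejected the payload:", err)
	}
	// A legitimate URL containing a double quote survives the template safely.
	s, _ := hardenedScript(`https://example.com/search?q=a"b`)
	fmt.Println("--- hardened script for a URL containing a quote ---")
	fmt.Println(s)
}
```

Of the two hardened paths, hardenedArgs is the one to prefer: once the URL is only ever an argv element, no escaping rules need to be kept correct, and validateURL remains as a policy check (scheme and host) rather than the last line of defence against code injection.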

Risk Assessment

The likelihood of widespread exploitation in the wild is currently low to moderate because the attack requires the ability to issue SQL to anyquery, through the local CLI or its server, which limits opportunistic exploitation. The severity is nonetheless high because: (1) it gives a local attacker a privilege escalation path whenever anyquery runs with more privilege than they hold, (2) the same template pattern exists in the Chrome, Brave, Edge and Safari plugins, and (3) macOS development and data analysis workflows commonly run anyquery in team environments where multiple users have local access. Security researchers and supply-chain threat actors targeting macOS development tools may prioritize this vulnerability. The advisory's CVE reference carries a 2026 date, which suggests a disclosure still under embargo pending a patch release.