Overview

The AnyQuery plugin, specifically version 0.4.4 (commit 0abd460), is vulnerable to AppleScript/JXA code injection via an unescaped URL in the macOS Chrome plugin. This vulnerability, tracked as CVE-2026-47252, is classified as CWE-94 — Improper Control of Generation of Code and has a high severity score.

Technical Details

The vulnerability exists in the `chrome_tabs` plugin, where a SQL-controlled `url` value is directly interpolated into an AppleScript template using `fmt.Sprintf(newTabScript, url)` at `plugins/chrome/tabs.go:141` without any escaping. This allows an authenticated AnyQuery user with local CLI access to inject arbitrary AppleScript statements, including `do shell script`, achieving OS-level command execution on the macOS host.

Affected Code

The affected code is located in `plugins/chrome/tabs.go:141` and `plugins/chrome/tabs.go:169`. The snippet below is the `Insert` handler; it shows the SQL-supplied `url` value being interpolated into an AppleScript template, which is then executed via `osascript -e`. The `Update` path at line 169 repeats the pattern with `fmt.Sprintf(setURLScript, pk, url)`, where the template is the JXA `setURL.js` script; that snippet is not reproduced here.

// Insert handler from plugins/chrome/tabs.go. newTabScript, the AppleScript
// template it fills, is defined elsewhere in the file and is not shown here.
func (t *tabsTable) Insert(rows [][]interface{}) error {
    for _, row := range rows {
        url := "chrome://newtab/"
        if rawURL, ok := row[2].(string); ok {
            url = rawURL // SQL-controlled value, taken verbatim
        }

        // Injection point: url is pasted into the script source, so a '"'
        // inside it closes the string literal and whatever follows is parsed
        // by osascript as further AppleScript statements.
        cmd := exec.Command("osascript", "-e", fmt.Sprintf(newTabScript, url))
        output, err := cmd.CombinedOutput()
        if err != nil {
            return fmt.Errorf("can't run osascript: %w (message: %s)\n Script: %s", err, output, fmt.Sprintf(newTabScript, url))
        }

    }

    return nil
}

Impact Analysis

Any local user who can run SQL against the `chrome_tabs` virtual table through the AnyQuery CLI, and who has INSERT or UPDATE access to the browser-tab plugin, can achieve arbitrary OS command execution on the macOS host with the privileges of the AnyQuery process. No Chrome credentials and no macOS admin rights are required. The injected AppleScript runs inside the user's macOS session, giving it the user's file system access, the ability to trigger keychain prompts, and control of any application scriptable via Apple Events.

Mitigation

To mitigate this vulnerability, it is recommended to escape backslash, double-quote and newline characters in the `url` value before interpolation, or to avoid string templating entirely. The backslash must be handled first (or in the same pass), otherwise a value ending in `\` would turn the escape added for a following quote into an escaped backslash and the quote would close the literal after all. Specifically in `plugins/chrome/tabs.go`, the following code can be used:

// AppleScript string literals accept \\ and \" as escapes. Escape the
// backslash before the quote so a trailing backslash in the value cannot
// neutralize the added escape.
safeURL := strings.ReplaceAll(url, `\`, `\\`)
safeURL = strings.ReplaceAll(safeURL, `"`, `\"`)
safeURL = strings.ReplaceAll(safeURL, "\n", "")
safeURL = strings.ReplaceAll(safeURL, "\r", "")
cmd := exec.Command("osascript", "-e", fmt.Sprintf(newTabScript, safeURL))

A more robust fix is to keep the script body constant and hand the URL to it as a run-handler argument: `osascript` passes any arguments that follow the `-e` statements to the script's `on run argv` handler as a list of strings, so the value never appears inside the script source and no quoting rule can be wrong. Declaring the value in a separate `-e` statement (`set theURL to "..."`) does not help on its own, because that string literal still has to be escaped. Apply the same treatment to `fmt.Sprintf(setURLScript, pk, url)` at `tabs.go:169` for the `Update` path; that template is JXA, so the value lands in JavaScript source and the AppleScript escaping rules above do not carry over to it. Independently, validate that the URL conforms to an allowed scheme (`https://`, `http://`, `chrome://`) before passing it to either handler. The scheme check rejects `javascript:` and `file:` targets, but it does not by itself stop a quote inside an otherwise valid URL from breaking out of the literal, so it is defence in depth rather than a replacement for the fixes above.
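The following Go program is an added example, not code from the AnyQuery project. It places the raw interpolation next to the two fixes described above (escaping the value, and passing it through `argv` so the script body stays constant) together with the scheme check, and builds the `osascript` command without running it so the resulting argument vector can be inspected on any OS. Because the page does not reproduce `newTabScript`, both template bodies here (`newTabScript`, `newTabArgvScript`) are assumed stand-ins that only share the real one's shape: the value lands in a double-quoted AppleScript literal. The hostile URL is constructed for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"os/exec"
	"strings"
)

// newTabScript is an ASSUMED stand-in for the template filled at tabs.go:141.
// Only its shape matters: the SQL-supplied value lands inside a double-quoted
// AppleScript string literal.
const newTabScript = `tell application "Google Chrome" to tell window 1 to make new tab with properties {URL:"%s"}`

// vulnerableScript reproduces the flawed pattern: raw interpolation.
func vulnerableScript(rawURL string) string {
	return fmt.Sprintf(newTabScript, rawURL)
}

// escapeAppleScriptString makes an arbitrary Go string safe inside a
// double-quoted AppleScript literal. The replacer works in a single pass
// without re-scanning its own output, so a trailing backslash in the value
// cannot swallow the escape added for a following quote. CR and LF become
// their escape sequences instead of terminating the literal early.
func escapeAppleScriptString(s string) string {
	return strings.NewReplacer(
		`\`, `\\`,
		`"`, `\"`,
		"\r", `\r`,
		"\n", `\n`,
	).Replace(s)
}

var allowedSchemes = map[string]bool{"http": true, "https": true, "chrome": true}

// validateTabURL enforces the scheme allow-list. It is defence in depth only:
// a '"' in the path of an otherwise valid https URL passes this check, so
// escaping or argv passing is still required.
func validateTabURL(raw string) error {
	u, err := url.Parse(raw) // also rejects ASCII control characters such as newlines
	if err != nil {
		return fmt.Errorf("invalid url: %w", err)
	}
	if !allowedSchemes[strings.ToLower(u.Scheme)] {
		return errors.New("url scheme not allowed: " + u.Scheme)
	}
	return nil
}

// escapedScript is the minimal fix: same template, value escaped.
func escapedScript(rawURL string) (string, error) {
	if err := validateTabURL(rawURL); err != nil {
		return "", err
	}
	return fmt.Sprintf(newTabScript, escapeAppleScriptString(rawURL)), nil
}

// newTabArgvScript is the robust fix (ASSUMED body): the script is a constant
// and the URL arrives through the run handler's argv, so it is never part of
// the script source and no quoting rule can be wrong.
const newTabArgvScript = `on run argv
	tell application "Google Chrome" to tell window 1 to make new tab with properties {URL:(item 1 of argv)}
end run`

// newTabCommand builds the osascript invocation without running it. osascript
// passes arguments that follow the -e statements to the run handler as a list
// of strings; the URL is therefore argv[3] of the process, not script text.
func newTabCommand(rawURL string) (*exec.Cmd, error) {
	if err := validateTabURL(rawURL); err != nil {
		return nil, err
	}
	return exec.Command("osascript", "-e", newTabArgvScript, rawURL), nil
}

func main() {
	// Constructed value: a valid https URL whose path carries the one
	// character that closes the AppleScript literal in the raw template.
	hostile := `https://example.com/x"--injected`
	fmt.Println("vulnerable:", vulnerableScript(hostile))
	if s, err := escapedScript(hostile); err == nil {
		fmt.Println("escaped:   ", s)
	}
	if cmd, err := newTabCommand(hostile); err == nil {
		fmt.Printf("argv form:  %q\n", cmd.Args)
	}
	fmt.Println("javascript: rejected?", validateTabURL("javascript:alert(1)") != nil)
}
```

The vulnerable form prints a script in which the literal ends at `x"` and `--injected` sits outside it; the escaped form keeps the whole value inside the literal as `x\"--injected`; the argv form never contains the value in the `-e` text at all. Note that `url.Parse` does not reject `"` in a path, which is why the scheme check alone is not a fix.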