Trust Me, I'm Local: Chrome Extensions, MCP, and the Sandbox Escape