Advisories for Golang/Github.com/Julien040/Anyquery/Plugins/Brave package

2026

Anyquery: AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin

The chrome_tabs plugin (and equivalent Brave/Edge/Safari variants) interpolates a SQL-controlled url value directly into an AppleScript template via fmt.Sprintf(newTabScript, url) at plugins/chrome/tabs.go:141 without any escaping, then passes the result to exec.Command("osascript", "-e", …). An authenticated anyquery user who can issue SQL INSERT INTO chrome_tabs statements — which requires local CLI access — can break out of the {URL:"…"} property record with a newline-containing payload and inject arbitrary AppleScript statements, including …
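The pattern the advisory describes, and one way to close it, as an added example that is not part of the advisory or of anyquery's code. The AppleScript template, the function names and the payload below are constructed stand-ins; the real newTabScript at plugins/chrome/tabs.go:141 is not reproduced. The unsafe function mirrors the fmt.Sprintf interpolation; the hardened one never places the URL into AppleScript source at all, but validates its scheme and hands it to osascript as a run-handler argument, so the bytes stay data. The helper injectedStatements only exists to make the effect visible without a macOS host.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Constructed stand-in for the vulnerable template (not anyquery's newTabScript).
// The %s is where the SQL-controlled URL lands, inside a quoted string literal.
const newTabScriptUnsafe = `tell application "Google Chrome"
	tell front window
		make new tab with properties {URL:"%s"}
	end tell
end tell`

// unsafeArgs reproduces the vulnerable pattern: user data is interpolated into
// AppleScript source and the result becomes the argument of osascript -e.
func unsafeArgs(rawURL string) []string {
	return []string{"-e", fmt.Sprintf(newTabScriptUnsafe, rawURL)}
}

// Hardened template: it contains no user data and reads the URL from the
// arguments osascript passes to its run handler.
const newTabScriptSafe = `on run argv
	tell application "Google Chrome"
		tell front window
			make new tab with properties {URL:(item 1 of argv)}
		end tell
	end tell
end run`

// safeArgs validates the URL and passes it as a positional argument after the
// script, so osascript treats it as data rather than as statements. The scheme
// check also guarantees the argument starts with "http", never with "-".
func safeArgs(rawURL string) ([]string, error) {
	u, err := url.Parse(rawURL) // rejects control bytes such as "\n"
	if err != nil {
		return nil, fmt.Errorf("invalid URL: %w", err)
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return nil, fmt.Errorf("refusing scheme %q", u.Scheme)
	}
	if strings.ContainsAny(rawURL, "\r\n\x00") {
		return nil, fmt.Errorf("control characters in URL")
	}
	return []string{"-e", newTabScriptSafe, rawURL}, nil
}

// injectedStatements lists lines of a generated script that are not lines of the
// template: anything it returns is caller input that became AppleScript code.
func injectedStatements(script string) []string {
	tmpl := map[string]bool{}
	for _, l := range strings.Split(newTabScriptUnsafe, "\n") {
		tmpl[strings.TrimSpace(l)] = true
	}
	var extra []string
	for _, l := range strings.Split(script, "\n") {
		t := strings.TrimSpace(l)
		if t != "" && !tmpl[t] && !strings.HasPrefix(t, "make new tab") {
			extra = append(extra, t)
		}
	}
	return extra
}

func main() {
	// Constructed payload: closes the string and the property record, starts a
	// new statement on its own line, then reopens a record so the rest parses.
	payload := "https://example.com\"}\ndisplay dialog \"injected\"\nmake new tab with properties {URL:\"https://example.com"
	fmt.Println("unsafe, injected:", injectedStatements(unsafeArgs(payload)[1]))
	_, err := safeArgs(payload)
	fmt.Println("safe, rejected:", err)
}
```

Passing the URL as an argument removes the need to get AppleScript string escaping exactly right; the scheme allow-list is a separate check that keeps file: and javascript: style URLs out of the browser even when no injection is attempted.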