
New Zero-Click Agentic Browser Attack Poses Threat to Google Drive: Entire Accounts at Risk with Malicious Emails

A newly reported vulnerability in Perplexity's Comet browser enables a zero-click attack that can erase a user's entire Google Drive through crafted emails, according to research from Straiker STAR Labs.

The attack relies on the browser being linked with services such as Gmail and Google Drive, which lets it automate tasks like reading emails and managing files. An example prompt from a user might read, "Please check my email and complete all my recent organization tasks." This prompts the browser to comb through the inbox and execute the requested actions.

Amanda Rousseau, a security researcher, pointed out that this kind of behavior showcases an alarming level of agency within large language model (LLM) driven assistants. An attacker could exploit this by sending personalized emails embedded with instructions directing the browser to organize files or delete certain content, without the browser explicitly confirming those actions with the user.

Such manipulative sequencing and courteous phrasing make it easy for the model to carry out these destructive actions, effectively treating them as innocuous housekeeping tasks. This approach pushes the assistant to act on malicious orders without verifying their legitimacy.

Rousseau emphasized that this vulnerability turns typical user prompts into significant actions across platforms like Gmail and Google Drive. If not addressed, the risk of unintended data loss from such email interactions becomes a pressing concern for organizations.
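The mitigation implied above is to treat email content as untrusted data and to require an explicit user decision for destructive actions proposed after such content enters the model's context. The following is an added illustration of that policy gate, not code from Perplexity, Straiker or this article; the tool names, the AgentSession class and the constructed call sequence are assumptions.

```python
from dataclasses import dataclass, field

# Tool calls that can destroy or leak data; these are never run as routine "housekeeping".
DESTRUCTIVE = {"drive.delete", "drive.trash", "drive.share", "gmail.send"}
# Tool calls that pull attacker-controllable content (email bodies, web pages) into context.
UNTRUSTED_SOURCES = {"gmail.read", "web.fetch"}


@dataclass
class ToolCall:
    name: str
    args: dict


@dataclass
class AgentSession:
    """Tracks whether untrusted content has entered the model's context and gates tool calls.

    Once an email or page has been read, the model's later proposals may have been steered
    by instructions inside that content, so destructive calls are held for the user.
    """
    tainted: bool = False
    executed: list = field(default_factory=list)
    held: list = field(default_factory=list)

    def handle(self, call: ToolCall, confirm) -> str:
        if call.name in UNTRUSTED_SOURCES:
            self.tainted = True  # everything proposed from here on may be injected
            self.executed.append(call)
            return "executed"
        if call.name in DESTRUCTIVE and self.tainted:
            if confirm(call):  # an explicit decision by the user, not by the model
                self.executed.append(call)
                return "confirmed"
            self.held.append(call)
            return "held"
        self.executed.append(call)
        return "executed"


# Constructed scenario: the user asks for inbox housekeeping, the model reads an email whose
# body says to clear out Drive, and then proposes these calls (hypothetical tool names).
CONSTRUCTED_CALLS = [
    ToolCall("gmail.read", {"query": "is:unread"}),
    ToolCall("drive.move", {"file": "Q3-report.pdf", "to": "Reports/"}),
    ToolCall("drive.delete", {"folder": "/", "recursive": True}),
]


def run(calls, confirm=lambda call: False):
    """Feed proposed calls through the gate; returns (name, outcome) pairs and the session."""
    session = AgentSession()
    outcomes = [(c.name, session.handle(c, confirm)) for c in calls]
    return outcomes, session
```

With the default (non-confirming) callback the recursive delete is held rather than executed, while the benign move still runs; a delete the user requested directly, before any email was read, is not gated.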

On a related note, Cato Networks has described another technique, dubbed "HashJack", that uses URL fragments appended to legitimate web addresses to carry indirect prompt injections. In this case, attackers can lead users to click on harmful URLs while convincing them that they're accessing credible websites.

Although Google classified this vulnerability with low severity and designated it as intended behavior, Perplexity and Microsoft have patched their respective browsers. Meanwhile, Claude for Chrome and OpenAI Atlas browsers reportedly remain unaffected by the HashJack vulnerability.

Overall, the implications of these vulnerabilities underscore a significant need for enhanced security protocols regarding AI-driven browsers, which could otherwise be exploited through everyday interactions.

