CP
cyberpings
VulnerabilitiesHIGH

AI Browser Vulnerabilities Exposed: Prompt Injection Risks Uncovered

TOTrail of Bits Blog
CometPerplexityprompt injectionAI vulnerabilities
🎯

Basically, security tests showed how a new browser could leak your emails.

Quick Summary

A security audit of the Comet browser revealed serious vulnerabilities. Users could have their emails leaked through prompt injection attacks. Perplexity is addressing these issues, but caution is advised when using AI-powered features.

What Happened

A recent security audit of the Comet browser revealed alarming vulnerabilities. Four prompt injection techniques were discovered that could allow attackers to extract sensitive user information, like emails from Gmail. This was done by exploiting the browser's AI assistant?, which interacts with web pages and user data.

Perplexity, the company behind Comet, engaged security experts to conduct this audit before launching the browser. The findings highlighted how the AI assistant? mishandles external content, treating it as trustworthy when it should not. This oversight opens the door for potential data breaches, making it crucial for the company to address these vulnerabilities before users start relying on the browser for their daily tasks.

Why Should You Care

Imagine using a browser that not only helps you surf the web but also interacts with your personal data. Now, think about how vulnerable that makes your private information. If an attacker can trick the AI assistant? into revealing your emails, it could lead to identity theft or financial fraud.

Your online safety is at risk. Just like you wouldn't leave your front door wide open, you shouldn't use software that exposes your data to potential threats. As more companies integrate AI into their products, understanding these risks becomes essential for everyone, from casual users to tech-savvy professionals.

What's Being Done

In response to these findings, Perplexity is taking action. They have published a blog post and research paper detailing how they plan to address the prompt injection? vulnerabilities. Here’s what you can do if you use the Comet browser:

  • Stay updated on security patches from Perplexity.
  • Review their blog for best practices on using the AI assistant? safely.
  • Be cautious about sharing sensitive information while using the browser.

Experts are closely monitoring how Perplexity implements these changes and whether they can effectively mitigate these vulnerabilities before the browser's wider release.

💡 Tap dotted terms for explanations

🔒 Pro insight: The discovered prompt injection techniques could serve as a blueprint for future attacks on AI-integrated applications.

Original article from

Trail of Bits Blog

Read Full Article

Share

Related Pings

CRITICALVulnerabilities

Critical RRAS RCE Vulnerabilities Patched in Windows 11

Microsoft released a hotpatch for critical RRAS vulnerabilities in Windows 11. These flaws could allow hackers to execute code remotely. Users should ensure their systems are updated to protect against potential attacks.

Cyber Security News·
HIGHVulnerabilities

FortiGate Firewalls Targeted in High-Severity Exploit Wave

FortiGate firewalls are under attack as hackers exploit critical vulnerabilities. Organizations using these firewalls are at risk of credential theft and network breaches. Immediate patching and credential rotation are essential to mitigate these threats.

Cyber Security News·
HIGHVulnerabilities

March Patch Tuesday Fixes 84 Vulnerabilities Across 15 Products

Microsoft's March Patch Tuesday addressed 84 vulnerabilities across various products. Eight are critical, but none affect Windows directly. Stay updated to protect your systems from potential exploits.

Sophos News·
HIGHVulnerabilities

Microsoft Issues Urgent Hotpatch for Windows 11 RCE Vulnerability

Microsoft has released a critical hotpatch for Windows 11 to fix serious vulnerabilities. Affected devices include Windows 11 Enterprise systems. This update is crucial to prevent remote code execution that could compromise sensitive data.

BleepingComputer·
CRITICALVulnerabilities

Critical Vulnerability in HPE AOS-CX Allows Password Resets

The Flaw Hewlett Packard Enterprise (HPE) has reported a critical-severity vulnerability in its Aruba Networking AOS-CX switches, tracked as CVE-2026-23813. This vulnerability has a CVSS score of 9.8, indicating its severity. It allows attackers to reset administrator passwords remotely and without any authentication, effectively bypassing existing security measures. This flaw affects various models, including the CX 4100i, CX 6000,

SecurityWeek·
HIGHVulnerabilities

Critical LangSmith Vulnerability Exposes Users to Account Takeover

A critical vulnerability in LangSmith could allow hackers to take over user accounts. This flaw affects users who rely on LangSmith for AI data monitoring. Immediate action is required to ensure security and protect sensitive information.

Cyber Security News·