MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
browser
Recherche

Perplexity's AI Browser Comet Vulnerable To Prompt Injection Attacks That Hijack User Accounts

lundi 25 août 2025, 18:54 , par Slashdot
Perplexity's AI Browser Comet Vulnerable To Prompt Injection Attacks That Hijack User Accounts
Security researchers have uncovered critical vulnerabilities in Perplexity's Comet browser that enable attackers to hijack user accounts and execute malicious code through the browser's AI summarization features. The flaws, discovered independently by Brave and Guardio Labs, exploit indirect prompt injection attacks that bypass traditional web security mechanisms when users request webpage summaries.

Brave demonstrated account takeover through a malicious Reddit post that compromised Perplexity accounts when summarized. The vulnerability allows attackers to embed commands in webpage content that the browser's large language model executes with full user privileges across authenticated sessions.

Guardio's testing found the browser would complete phishing transactions and prompt users for banking credentials without warning indicators. The paid browser, available to Perplexity Pro and Enterprise Pro subscribers since July, processes untrusted webpage content without distinguishing between legitimate instructions and attacker payloads.

Read more of this story at Slashdot.
Lire la suite sur Slashdot
https://it.slashdot.org/story/25/08/25/1654220/perplexitys-ai-browser-comet-vulnerable-to-prompt-inj...

Voir aussi

browser Perplexity Launches Subscription Program That Includes Revenue Sharing With Publishers Slashdot25 Aug
accounts Google is making it easier to switch your default browser to Chrome BetaNews25 Aug
prompt Comment le navigateur IA Comet de Perplexity pourrait divulguer vos données ZDNet.fr25 Aug
user Apple has protected against seven zero-day attacks this year ComputerWorld22 Aug
comet KPMG Wrote 100-Page Prompt To Build Agentic TaxBot Slashdot22 Aug
webpage Votre iPhone ou Mac est-il vulnérable à cette nouvelle faille Zero Day ? Génération-NT22 Aug
perplexity's CyberAttaque Auchan : quand la fidélité devient vulnérable Zataz21 Aug
hijack CyberAttaque Auchan : quand la fidélité devient vulnérable Zataz21 Aug
injection Amazon quietly fixed Q Developer flaws that made AI agent vulnerable to prompt injection, RCE TheRegister20 Aug
attacks Perplexity's Comet browser naively processed pages with evil instructions TheRegister20 Aug
without KPMG wrote 100-page prompt to build agentic TaxBot TheRegister20 Aug
browser's Preventing domain-resurrection attacks (PyPI blog) LWN.net19 Aug
when Browser wars are back, predicts Palo Alto, thanks to AI TheRegister19 Aug
pro Lenovo's Lena AI chatbot had weakness that let attackers hijack sessions BetaNews18 Aug
perplexity Boffins say tool can sniff 5G traffic, launch 'attacks' without using rogue base stations TheRegister18 Aug
eacute J'ai testé le navigateur Comet de Perplexity, doté d'IA. Voici ce que vous devez savoir ZDNet.fr18 Aug
rable Google Gemini vulnérable au phishing : attention aux résumés d'e-mails ! Génération-NT18 Aug
vuln Seth Godin's AI-powered "Prompt Decks" launch on Kickstarter BoingBoing15 Aug
browser Researchers uncover fake Netflix recruiter scheme targeting Facebook accounts BetaNews15 Aug
accounts CrowdStrike debuts unified identity security for human, non-human, and AI accounts BetaNews14 Aug
News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network
Date Actuelle
mar. 26 août - 05:55 CEST