"This exploit, dubbed ChatGPT Tainted Memories by browser security vendor LayerX's researchers, who found and disclosed the security hole to OpenAI, involves some level of social engineering in that it does require the user to click on a malicious link. It also poses a risk to ChatGPT users on any browser - not just Atlas, which is OpenAI's new AI-powered web browser that launched last week for macOS."
"But it's especially dangerous for people using Atlas, according to LayerX co-founder and CEO Or Eshed. This is because Atlas users are typically logged in to ChatGPT by default, meaning their authentication tokens are stored in the browser and can be abused during an active session. Plus, "LayerX testing indicates that the Atlas browser is up to 90 percent more exposed than Chrome and Edge to phishing attacks," Eshed said in a Monday blog."
A cross-site request forgery vulnerability enables attackers to abuse active ChatGPT sessions and inject hidden instructions into the chatbot's built-in memory feature. The exploit, named ChatGPT Tainted Memories, requires social engineering to get a user to click a malicious link and can affect users on any browser. Atlas users face heightened risk because many remain logged in by default and authentication tokens are stored in the browser, which can be abused during active sessions. LayerX testing indicates Atlas may be substantially more exposed to phishing than Chrome and Edge. The attack can manipulate future chatbot responses and compromise account data.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]