
"We found two problems. One problem was Perplexity didn't put a restriction on the AI agent reaching out to anything on the file system. Typically, a JavaScript application, for example, if you go into a website, a JavaScript application can't just query a URL from your machine because of cross-origin restrictions. But AI browsers are not respecting cross-origin restrictions to the letter."
"Attackers could instruct Perplexity's Comet to access a file without permission from the user and without notifying the user. To do so, the attacker could just craft a malicious calendar event invitation and embed instructions to pilfer data from the victim's machine. The only thing we need is for the user to do any sort of interaction with the calendar invite or with our calendar."
"The second thing is that we show that once the 1Password extension is installed in the Comet browser and is unlocked, we can actually instruct Comet to go to the extension URL and then hijack your 1Password account - full takeover of your 1Password account, which is the worst thing that can happen."
Zenity Labs security researchers discovered severe vulnerabilities in Perplexity's Comet AI browser that exposed users' local file systems and password managers to unauthorized access. The browser failed to enforce cross-origin restrictions, allowing AI agents unrestricted access to the file:// protocol and local machine files. Attackers could craft malicious calendar event invitations containing instructions to extract sensitive data without user permission or notification. Additionally, if the 1Password extension was installed and unlocked in Comet, attackers could hijack the entire 1Password account. These vulnerabilities required minimal user interaction—simply interacting with a calendar invite could trigger the attack, making it more dangerous than typical social engineering attempts.
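One way an agent browser could enforce the restriction the summary describes, as an added example that is not code from Perplexity, Zenity Labs or the article: a navigation guard that treats the content the agent is reading as the initiator and lets it open only http(s) URLs. The function names, request fields, the `chrome-extension:` scheme and all sample URLs are assumptions constructed for illustration.

```javascript
// Added example (hypothetical API): navigation guard for an AI browser agent.
// Allowlist: while acting on untrusted content the agent may open only http(s).
const WEB_SCHEMES = new Set(["http:", "https:"]);

// request.target     - URL the agent wants to open
// request.taskSource - URL of the content whose text the agent is acting on
// request.userTyped  - true only if the user entered the target themselves
function checkAgentNavigation(request) {
  let target, source;
  try {
    target = new URL(request.target);
  } catch {
    return { allow: false, reason: "unparseable target" };
  }
  // Navigations the user typed are outside this guard's scope.
  if (request.userTyped === true) {
    return { allow: true, reason: "user-initiated" };
  }
  try {
    source = new URL(request.taskSource);
  } catch {
    return { allow: false, reason: "unknown task source" };
  }
  // URL() lowercases the scheme, so "FILE:///..." is caught as well.
  if (!WEB_SCHEMES.has(target.protocol)) {
    return { allow: false, reason: "scheme " + target.protocol + " blocked" };
  }
  // Web-to-web navigation is allowed, but cross-origin hops are flagged for audit.
  const crossOrigin = target.origin !== source.origin;
  return { allow: true, reason: crossOrigin ? "cross-origin web" : "same-origin" };
}

// Constructed sample requests: an agent summarising a calendar event page.
function auditSample() {
  const src = "https://calendar.example/event/1";
  const ext = "chrome-extension://" + "a".repeat(32) + "/popup.html"; // placeholder id
  return [
    { target: "file:///home/user/notes.txt", taskSource: src },
    { target: "FILE:///C:/Users/u/notes.txt", taskSource: src },
    { target: ext, taskSource: src },
    { target: "https://calendar.example/event/2", taskSource: src },
    { target: "https://other.example/", taskSource: src },
    { target: "file:///home/user/notes.txt", userTyped: true },
    { target: "not a url", taskSource: src },
  ].map(checkAgentNavigation);
}
```
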
Read at Theregister