
Chrome Users Warned of Potential Attack: 99% May be Exposed

Have you encountered the novel AI hacking method?


In a concerning development, a new class of exploits is targeting the top 5 Generative AI (GenAI) tools through browser extensions. The research on these attacks, known as Man-in-the-Prompt attacks, was conducted by LayerX. Proposed solutions or measures to prevent these attacks remain unknown.

The primary threat is to Windows PCs, with Google Chrome dominating the browser market. The subtle yet potentially potent attack of manipulating AI systems is becoming increasingly pertinent across the industry. When using AI tools and browser extensions simultaneously, caution is advised.

The threat to Google's 3 billion users is a hidden one, and it does not come primarily from the announced security fixes and zero-day warnings. Browser extensions lack robust security measures, and they often operate with security credentials, posing a risk of signing into malicious websites.

LayerX's research shows that any browser extension can access the prompts of both commercial and internal Large Language Models (LLMs) and inject prompts into them to steal data. AI assistants could potentially become "hacking copilots," stealing sensitive corporate information.

The risk of prompt injection attacks is increasing, compromising users, their data, and workplaces. Security tools have no runtime visibility to protect users against the rising threat of malicious browser extensions. LLMs inherit much of the browser's risk surface due to their tight integration with browsers.

In a related development, SquareX warned 3 weeks ago that millions of users have had their data stolen by malicious or hijacked browser extensions. When using an AI assistant, the prompt input field is typically part of the page's Document Object Model (DOM), allowing any browser extension with scripting access to the DOM to read from or write to the AI prompt directly.
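From the defender's side, the DOM access described above can be audited from an extension's `manifest.json`. The sketch below is an added example, not code from LayerX, SquareX or this article; the AI tool URLs and sample manifests are constructed placeholders, and the match-pattern check is simplified to scheme and host.

```python
import re
from urllib.parse import urlsplit

# Constructed placeholder URLs (assumption): substitute the AI tools you use.
AI_URLS = ["https://chat.genai.example/", "https://llm.corp.example/app"]

def pattern_matches(pattern, url):
    """Simplified Chrome match-pattern test: scheme and host only, path ignored."""
    if pattern == "<all_urls>":
        return True
    m = re.fullmatch(r"(\*|https?)://(\*|(?:\*\.)?[^/*]+)/.*", pattern)
    if not m:
        return False  # malformed or non-web pattern
    scheme, host = m.groups()
    u = urlsplit(url)
    if u.scheme not in ("http", "https") or scheme not in ("*", u.scheme):
        return False
    if host == "*":
        return True
    if host.startswith("*."):  # matches the domain itself and any subdomain
        return u.hostname == host[2:] or u.hostname.endswith(host[1:])
    return u.hostname == host

def dom_access(manifest, urls=AI_URLS):
    """Map each AI URL to the ways this extension can script that page's DOM."""
    perms = manifest.get("permissions", [])
    # Manifest V3 lists hosts in host_permissions; V2 mixes them into permissions.
    hosts = manifest.get("host_permissions", []) + [
        p for p in perms if "://" in p or p == "<all_urls>"]
    can_inject = manifest.get("manifest_version") == 2 or "scripting" in perms
    findings = {}
    for url in urls:
        reasons = []
        if any(pattern_matches(p, url)
               for cs in manifest.get("content_scripts", [])
               for p in cs.get("matches", [])):
            reasons.append("content_script")
        if can_inject and any(pattern_matches(p, url) for p in hosts):
            reasons.append("programmatic_injection")
        if can_inject and "activeTab" in perms:
            reasons.append("active_tab_on_user_gesture")
        if reasons:
            findings[url] = reasons
    return findings

# Constructed sample manifests, not taken from any real extension.
BROAD = {"manifest_version": 3, "permissions": ["scripting", "storage"],
         "host_permissions": ["<all_urls>"]}
SCOPED = {"manifest_version": 3, "permissions": ["storage"],
          "content_scripts": [{"matches": ["https://*.shop.example/*"]}]}
```

Running `dom_access` over every installed extension's manifest gives a list of extensions to review or restrict before they are allowed alongside AI tools.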

It's important to note that while the U.S. is reportedly involved in a fight with Apple over encryption, forcing the U.K. to drop a "back door," this issue is unrelated to the threats discussed in this article.

Stay vigilant, and be mindful of the potential risks when using AI tools and browser extensions simultaneously. Further research and development in security measures are needed to protect users against these emerging threats.
