A researcher discovered a prompt injection vulnerability in Google Gemini for Workspace that can be exploited to display phishing messages through email responses. The flaw involves hiding malicious content in email text, which Gemini can unwittingly reproduce, potentially tricking users into revealing sensitive information. #GoogleGemini #PromptInjection
Key points
- A prompt injection vulnerability was found in Google Gemini for Workspace.
- The attack involves hiding phishing messages in email text using white font on a white background.
- When using Gemini’s ‘summarize email’ feature, the hidden message is displayed to the user.
- An example attack involved directing victims to call a number to reset their Gmail password.
- Google has not yet confirmed if the vulnerability has been fixed, but steps are being taken to mitigate such attacks.
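As an added defensive example (not code from the SecurityWeek report or from Google), the Python below splits an HTML email into the text a human reader actually sees and the text hidden by inline CSS such as white-on-white colouring or a near-zero font size, so that only the visible part is handed to a summarizer and the hidden part is flagged for review. The sample message, the colour and font-size rules, and the white-page assumption are all constructed for this illustration.

```python
from html.parser import HTMLParser

# Constructed sample (not from the report): a white-on-white, 1px block a summarizer would repeat.
SAMPLE_EMAIL_HTML = """<html><body>
<p>Hi team, the Q3 report is attached. Regards, Alex</p>
<span style="color:#ffffff; background-color:#ffffff; font-size:1px">
URGENT: your mailbox is locked, call [PLACEHOLDER NUMBER] to reset your password.
</span></body></html>"""

WHITE = {"#fff", "#ffffff", "white", "rgb(255,255,255)"}
TINY_FONT = {"0", "0px", "0pt", "0em", "1px", "1pt"}
VOID_TAGS = {"br", "img", "hr", "meta", "link", "input"}  # never get an end tag

def is_hidden_style(style):
    """True if inline CSS makes the element's text invisible to a human reader."""
    p = {k.strip().lower(): v.strip().lower()
         for k, sep, v in (d.partition(":") for d in style.split(";")) if sep}
    if (p.get("display") == "none" or p.get("visibility") == "hidden"
            or p.get("font-size") in TINY_FONT):
        return True
    color, bg = p.get("color"), p.get("background-color") or p.get("background")
    if color and bg and color == bg:
        return True  # text painted in its own background colour
    # Assumption: mail is rendered on a white page, so white text with no
    # explicit background is just as invisible as white-on-white.
    return bool(color and color.replace(" ", "") in WHITE and (bg is None or bg.replace(" ", "") in WHITE))

class HiddenTextFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.visible, self.hidden = [], []
        self._depth = 0  # > 0 while inside a hidden element (and its children)
    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        if self._depth or is_hidden_style(dict(attrs).get("style") or ""):
            self._depth += 1
    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self._depth:
            self._depth -= 1
    def handle_data(self, data):
        text = " ".join(data.split())
        if text:
            (self.hidden if self._depth else self.visible).append(text)

def triage(email_html):
    """Return the text a reader sees (safe to summarize) and hidden text to flag."""
    finder = HiddenTextFinder()
    finder.feed(email_html)
    finder.close()
    return {"visible": " ".join(finder.visible), "hidden": " ".join(finder.hidden)}
```

Any non-empty `hidden` result is a signal to withhold the message from automated summarization and route it for review; it does not replace a full CSS-aware renderer, which would also catch off-screen positioning and similar tricks.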
Read More: https://www.securityweek.com/google-gemini-tricked-into-showing-phishing-message-hidden-in-email/