OpenAI’s Atlas and Perplexity’s Comet browsers are vulnerable to AI Sidebar Spoofing attacks that could lead users to malicious websites or actions. Researchers demonstrated that attackers could inject fake sidebars to deceive users and manipulate their online activities with serious security implications. #AI Sidebar Spoofing #SquareX #CometBrowser #OpenAIBrowserAtlas #CredentialTheft
Keypoints
- Researchers at SquareX discovered vulnerabilities in Atlas and Comet browsers allowing AI Sidebar Spoofing attacks.
- Fake sidebars can be injected via malicious extensions that overlay the genuine AI sidebar in real-time.
- These attacks enable phishing, credential hijacking, and malicious command execution on targeted devices.
- The vulnerability was tested with Google’s Gemini AI in Comet and confirmed on OpenAI’s Atlas browser.
- Users are advised to avoid sensitive activities on these browsers and restrict their use to casual browsing.