CometJacking is a newly discovered attack that targets Perplexity’s Comet AI browser by embedding hidden commands in URL parameters. These instructions grant unauthorized access to various connected services, including email and calendar applications, exposing sensitive user data. The attack leverages the integration between the browser and cloud services to bypass typical security measures.
This exploitation poses significant privacy risks as attackers can surreptitiously extract confidential information without user consent. The risk extends to potential misuse of stolen data, including identity theft and phishing attacks. Users of the Comet AI browser should be aware of this vulnerability and cautious when clicking on suspicious links.
Mitigating this attack requires updates to the browser’s input validation and sanitization processes to prevent hidden instructions from being executed. Additionally, users should employ security best practices and be vigilant about browser permissions and connected services.
👉 Pročitaj original: BleepingComputer
