Dossier
Permiso
Coverage of Permiso in the Nexus archive.
- ChatGPT blindly trusts browser content, turning the page into a payload
A researcher discovered ChatGPT cannot distinguish between its own content and attacker-controlled Markdown from external sources, enabling prompt injection attacks that could inject phishing URLs or fake security alerts. The vulnerability, reported as 'ChatGPhish,' allows attackers to bypass desktop URL defenses via QR codes linking to attacker-controlled content, though it's unclear if OpenAI has fixed the issue.