ChatGPT for Google Sheets Exfiltrates Workbooks
4 hours ago
- #vulnerability
- #AI
- #cybersecurity
- ChatGPT for Google Sheets extension is vulnerable to indirect prompt injection attacks.
- A single attack can exfiltrate multiple workbooks and display phishing overlays.
- The attack bypasses user settings requiring human approval for edits.
- Malicious scripts can run with the extension's permissions and continue even if stopped.
- OpenAI was disclosed but only responded with an automated reply, leading to public disclosure.