←back to thread

Comet AI browser can get prompt injected from any site, drain your bank account

(twitter.com)
645 points helloplanets | 4 comments | 24 Aug 25 15:14 UTC | HN request time: 0s | source
Show context
nromiun ◴[24 Aug 25 19:03 UTC] No.45006748[source]
After all the decades of making every network layer secure one by one (even DNS now) people are literally giving a plaintext API to all their secrets and passwords.

Also, there was so much outrage over Microsoft taking screenshots but nothing over this?

replies(4): >>45006813 #>>45007058 #>>45008118 #>>45011908 #
1. compootr ◴[24 Aug 25 19:11 UTC] No.45006813[source]
at least this is opt-in (you must download the browser)

Microsoft's idea was to create the perfect database of screenshots for stealer log software to grab on every windows machine (opt-out originally afaik)

replies(3): >>45007204 #>>45007766 #>>45008331 #
2. justsid ◴[24 Aug 25 19:55 UTC] No.45007204[source]
I’m all for people being allowed to use computers to shoot themselves in the foot. It’s my biggest issue with the mobile eco-system. But yes, the underlying OS ought to be conservative and not pull things like that. If I as a user want to opt into this that’s a different matter.
3. moritzwarhier ◴[24 Aug 25 21:03 UTC] No.45007766[source]
Well I think at least a double-digit percentage of people could be persuaded to enter their e-mail credentials into a ChatGPT or Gemini interface – maybe even a more untrusted one –under the pretense of helping with some business idea or drafting a reply to an e-mail.
4. chrisjj ◴[24 Aug 25 22:23 UTC] No.45008331[source]
Like the MS one was opt-in because you had to have Windows...