Yet another research breaks the hype bubble for AI browsers serving serious security flaws


AI browsers are being sold as the next big thing. They can summarize pages, book trips, and even make purchases for you. But a new study from the University of Washington found that four of the seven most popular ones come with a security risk serious enough to let malicious websites steal data from other sites you have open. The more capable the browser, the bigger the risk turns out to be.

The 30-year security rule that AI browsers are breaking

Since 1995, every browser has followed a rule called the same-origin policy, which prevents websites from reading each other’s data. If you have your bank open in one tab and visit a sketchy site in another, that sketchy site cannot touch your banking information. AI browsers need to bypass this rule to function, since completing tasks across multiple tabs requires reading across different sites.

That broader access is exactly what attackers can exploit through two methods. The first is prompt injection, where a malicious webpage hides secret instructions that the AI agent follows without realizing it has been manipulated, potentially exposing your private emails, passwords, or calendar details.

The second method is memory poisoning, where planted instructions get stored in the agent’s memory and activate later, even after the original page is closed. Researchers ran a successful proof-of-concept attack on ChatGPT Atlas, demonstrating the risk is real. Claude for Chrome was flagged as particularly risky because its browser extension design lets it inject code directly into webpages.

Which AI browsers are safe and which ones put your data at risk?

Out of seven browsers, ChatGPT Atlas, Chrome with Gemini, Claude for Chrome, and Perplexity Comet were found vulnerable. Microsoft Edge with Copilot, Brave Leo, and Firefox AI Mode showed stronger security properties, though Firefox was also the most limited in capability.

Researchers disclosed the findings to all companies involved. Anthropic and Firefox did not respond. Whereas Perplexity and OpenAI declined to act, arguing the researchers lacked a complete end-to-end attack demonstration. Meanwhile, Google, Microsoft, and Brave engaged constructively with the findings.

This follows the recent BioShocking exploit, which also showed how AI browsers can be manipulated by context. Right now, the research suggests AI browsers may still be moving faster than their security can keep up.



Source link

Leave a Reply

Subscribe to Our Newsletter

Get our latest articles delivered straight to your inbox. No spam, we promise.

Recent Reviews


One of the worst things about the explosion of AI tools is how much more advanced scam calls have become. It’s now entirely possible to get fake calls with voices that sound exactly like people you know. The June Android drop is here to address this (and add some other goodies).

Fake Call Detection

When scammers impersonate your contacts

1. Call spoofing diagram Credit: Google

The aforementioned voice duping is only one part of the scamming process. If the call comes from an unknown number, you’re far more likely to ignore it. That’s why scammers can also make their calls appear to be coming from numbers you trust.

Fake Call Detection is a new feature in the Phone by Google app that pops up an alert when a caller is suspected of impersonating your contacts. The alert says, “This may not be [Name]” and gives you the option to immediately hang up.

Google Photos is your new wardrobe

Digitally store and try on clothes

You may not know it, but there’s an entire category of apps dedicated to allowing people to catalog their wardrobes. Now, Google Photos is hoping to get in on it with a new “Wardrobe” collection.

First, you snap photos of your clothes and let Google Photos neatly put them on a white background. From there, everything can be categorized by item. You can then tap “Create” and put outfits together, which you can digitally try on. It’s a pretty cool feature that many apps charge a fee for.


Personal safety features expand to kids

13 and under

Google is making the Personal Safety app for Pixel phones available to kids under 13. Features include the ability to display medical information, setting emergency contacts on the lock screen, and car crash detection. In addition, kids over 13 can now use Safety Check and real-time sharing with emergency contacts.

“Catch me up” in Google Play Books

Recaps of what you’ve read

Remember Google Play Books? The company’s often overlooked eBook platform is getting a new feature to help you catch up when you haven’t read a book in a while. It works pretty much how you’d expect—AI summarizes what’s happened up until your current position in the book. It’s also possible to highlight text and ask questions about what you’re reading. These features are part of the new “Book Insights” button.

Quick Share 🤝 AirDrop

Now works with more devices

Last year, Google announced that the Pixel 10 series could share content with Apple’s AirDrop through Quick Share. Since then, it has very slowly expanded the functionality to more phones. Now, once again, the company is announcing even more devices.

The previous list was the Pixel 10 series, Galaxy S26 series, Oppo Find X9 series, Find N6, and Vivo X300 Ultra. New entries include the Galaxy S25 series, S24 series, Z Flip 7, Z Fold 7, Z Flip 6, Z Fold 6, Z TriFold, OPPO Find X8 series, OnePlus 15, HONOR Magic V6, and Magic8 Pro.

Keep your eyes peeled for these features to be rolling out to Android devices and the accompanying apps over the next few days and weeks.

Source: Google



Source link