Researchers have warned users to stop using the email GPT service because of the security risk. Exploiting this flaw could potentially lead to system crashes and data exposure leading to financial losses.

Email GPT Extension Vulnerability Threatens Users

Sharing details recently. PostResearchers at the Synopsys Cybersecurity Research Center (CyRC) highlighted how a critical security flaw in EmailGPT puts users’ security at risk.

Email GPT is one. Creating AI-powered email API and browser extensions. take the benefit OpenAI’s GPTit allows users to quickly create email drafts and replies through prompts generated based on previous user communications.

As explained, the researchers discovered several instant injection vulnerabilities that an adversary could exploit to hijack service logic. Consequently, attackers can force the service to leak hardcoded system prompts and act on malicious prompts.

Regarding the impact of such exploits, the researchers mention users who repeatedly suffer financial losses due to malicious alerts that an attacker can create for APIs that pay per use. Works on the model. Furthermore, an attacker can also plant malicious signals that could cause the service to leak sensitive user information, or even trigger a denial of service.

This risk has been identified. CVE-2024-5184According to the CyRC advisory, achieved a moderate severity rating and a CVSS score of 6.5.

No patch is available yet.

According to the timeline shared in the advisory, the researchers first tried to contact the email GPT developers and reported the flaw in February 2024, after which multiple attempts were made. However, despite their efforts, the researchers did not receive any response from the service regarding risk-related reforms.

Consequently, upon completion of the standard 90-day disclosure period, the researchers proceeded with public disclosure.

For now, there is no workable patch or mitigation for the vulnerability. Given the risks associated with the potential exploit, the researchers advise users to stop using the Email GPT service (API and browser extension) until a fix is ​​found.

Let us know your thoughts in the comments.



Source link