Recently, Perplexity AI’s Comet AI Browser was made free for all. And now, various tech and security platforms are warning users against malicious code injection on Comet AI Browser. Many people prefer AI-enabled browsers for how easier their lives become. For example, a single prompt could virtually help you book a flight ticket at the best rates. This assumes that you already have your payment details on the browser. And, that’s where the issue lies. Sources claim that a simple malicious code on a website you visit is capable of leaking sensitive information to hackers, not limited to credit card details, calendar data and even your e-mails.
Also note that Discord is running a promotion right now where users using the Comet Browser for 15 minutes using the Discord client are rewarded with 5000 Orbs. On Discord, these Orbs can be redeemed against Nitro subscription, avatar decorations, etc.
How do hackers use Comet AI Browser vulnerabilities to steal data?
There could be several ways hackers do that. But, two ways have come to the fore that has the potential to affect thousands, if not millions. So, let’s go through them.
Malicious code injection on Comet AI Browser, triggered by Page Summary Request
One of the major features on Comet Browser and pretty much all AI-enabled browser is the Page Summary. You just ask the AI agent to summarise the page and voila, you have a tl:dr version of huge chunks of text ready for consumption. But, Brave Browser’s team recently demonstrated how this can be easily abused by hackers using very simple techniques, often just involving a few lines of HTML code. This means the malicious code could be found anywhere, even on social media websites. So, let us see how this works:-
- Hackers hide malicious code on websites, which are actually AI agent prompts instructing the AI agent on your browser to run certain tasks. This code can be hidden in plain sight using simple CSS, like
display:none;or on many social media platforms, spoiler (<spoiler>) tags could be utilised. This way you wouldn’t see these prompts when you visit the website, atleast not until you inspect the code. - The user asks the AI agent to summarise the page. The agent parses the whole webpage, including the hidden AI prompt.
- The web browser’s AI agent interprets these prompts to be genuine requests from the user and complies with it.
Remember that these prompts could make the agent do something as simple as replying to an e-mail, to even sharing your saved sensitive information on some platforms. To know more, check out the article on Brave Browser’s blog that has a video demonstrating this vulnerability in action.
CometJacking: Triggered by clicking on a malicious link
This method is more obvious compared to the first. If you are someone who takes basic precaution while opening unknown e-mails and links, you are “probably” safe! This one too works on principles similar to the earlier method. Let me explain quickly.
- Hackers hide malicious AI prompts in URLs/links. The concerning thing is that these codes can even be included in the collection parameters of URL, which is the portion of the URL suffixing the ‘?,’ for example,
https://https://blog.compardre.com?malicious_code=[malicious_code]. Some browsers, in order to make URLs look clean might hide the URL parameters which add to security concerns. Just keep this in mind the next time you choose a browser. - User visits the URL on Comet AI Browser.
- The AI browser’s agent interprets the prompt to be a genuine request and obeys it.
Usually, hackers quickly grab your sensitive data and convert it into base64 data, which helps them transmit it to their servers undetected. Base64 heavily deforms the data. For example, the Base64-encoded form of https://blog.compardre.com is aHR0cHM6Ly9ibG9nLmNvbXBhcmRyZS5jb20=. You can try decoding this string at a website like this to confirm.
Also, to see CometJacking in action, watch this video.
How to protect yourself from AI browser vulnerabilities?
Here are a few general tips you can follow to stay safe while using AI-enabled browsers for increased productivity:-
- No matter how tempting it sounds due to the convenience offered, do not save sensitive information on your web browser. This includes bank account details, credit card numbers, etc.
- Do not save important passwords including to financial institutions on your web browser.
- Use an antivirus program with its official web browser plugin/extensions (if any). This will help negate completely or atleast protect you in case you accidentally click on a malicious link or even when you receive one.
- Goes without saying, do not click on unknown links or open attachments from strangers.
- Use an uninstaller like Revo Uninstaller to uninstall unknown apps.
Conclusion
While many users online are recommending removing Comet AI Browser from your devices using Revo Uninstaller (on Windows) and such, it totally depends on you. If you are a tech-savvy person who is well aware of the dos and don’ts of the internet, AI browsers are the next big thing. So, it’s just better if you join the race early, especially if it does boost your productivity. But, I won’t recommend such browsers for the older non-tech-savvy people out there who can’t by themselves differentiate between what’s a trusted source and what’s not. Moreover, I am pretty sure the Perplexity team is working on patching these vulnerabilities at the latest.
Leave a Reply