Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails
Overview
A new zero-click attack has been identified that targets the Perplexity Comet browser, allowing malicious emails to delete all contents of a user's Google Drive. This technique exploits the automation capabilities of the browser when connected to Gmail and Google Drive, posing a significant risk to users' data security.
Key Takeaways
- Affected Systems: Perplexity Comet browser, Google Drive, Gmail
- Action Required: Users should be cautious about granting permissions to their browser for accessing email and cloud services.
- Timeline: Newly disclosed
Original Article Summary
A new agentic browser attack targeting Perplexity's Comet browser that's capable of turning a seemingly innocuous email into a destructive action that wipes a user's entire Google Drive contents, findings from Straiker STAR Labs show. The zero-click Google Drive Wiper technique hinges on connecting the browser to services like Gmail and Google Drive to automate routine tasks by granting them
Impact
Perplexity Comet browser, Google Drive, Gmail
Exploitation Status
The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.
Timeline
Newly disclosed
Remediation
Users should be cautious about granting permissions to their browser for accessing email and cloud services. Regularly review connected apps and services, and consider disabling automation features until further guidance is provided.
Additional Information
This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.
Related Topics: This incident relates to Google.