Agents
UW study: four of seven agentic browsers let attackers bypass the same-origin policy
A University of Washington team tested seven agentic browsers and found four — ChatGPT Atlas, Chrome with Gemini, Claude for Chrome, and Perplexity Comet — create ways to break the same-origin policy that normally isolates websites from each other's data, via prompt injection and cross-origin memory poisoning. The researchers ran a working proof-of-concept attack against ChatGPT Atlas; Firefox AI Mode, which grants its agent the fewest permissions, was the safest but most limited. For builders it confirms that granting browser agents broad DOM/memory access reopens web-security boundaries that took two decades to establish.
↳ Follow the thread
No related signals yet.