A command injection vulnerability, dubbed ‘ChatGPT Tainted Memories,’ was discovered in the Atlas web browser by security researcher Adelin Travers of the Synacktiv Red Team. The flaw resided within the browser’s AI assistant feature, which leverages OpenAI’s ChatGPT technology to interact with the user’s browsing history, a feature called “Memories.” The vulnerability enabled a proof-of-concept attack that demonstrated the ability to execute arbitrary commands on the user’s system.

Exploit Mechanism and Impact

The vulnerability was triggered when a user saved a specially crafted, malicious URL to their browser’s “Memories.” The AI assistant’s backend, which processed this data, used Python’s eval() function in an unsafe manner. By embedding a command within the malicious URL, such as “||calc||”, an attacker could trick the backend script into executing it. In his successful proof-of-concept, Travers was able to remotely launch the calculator application on the machine running the browser, thereby confirming the command injection flaw.

Discovery and Remediation Timeline

Adelin Travers discovered the vulnerability on November 24th, 2023. Following responsible disclosure practices, the researcher reported the findings to the Atlas browser development team on November 27th, 2023. The developers acknowledged the security flaw on the same day. A patch was subsequently developed and released in Atlas browser version 1.1.2 on December 1st, 2023, effectively resolving the issue. The details of the vulnerability were publicly disclosed on February 27th, 2024.

Source: https://hackread.com/chatgpt-tainted-memories-atlas-browser/