Tenable, an exposure management firm, recently discovered three significant vulnerabilities in Google’s Gemini suite, referred to as the “Gemini Trifecta.” These flaws could have permitted attackers to manipulate Gemini’s functionality and exfiltrate sensitive user data, such as location details and saved memories, without needing direct access or malware.
The vulnerabilities were found in three key components: Gemini Cloud Assist, where poisoned log entries could be executed unknowingly; the Gemini Search Personalization Model, which mishandled malicious browser history queries as trusted inputs; and the Gemini Browsing Tool, which could be deceived into making hidden requests, transmitting private data to malicious servers.
Tenable noted that the core issue stemmed from Gemini’s inability to differentiate between safe and harmful user input. Google has now patched these vulnerabilities, requiring no further action from users. However, Tenable recommends that security teams treat AI-driven tools as potential attack surfaces and enhance defenses against manipulation attempts.
Source link
