Security researchers have unveiled a major vulnerability in Google Gemini for Workspace, allowing attackers to incorporate covert malicious commands in emails. This exploit targets the “Summarize this email” feature, enabling the display of fake security warnings that mimic Google alerts, heightening the risk of credential theft and social engineering attacks.
Key Points:
1. Malicious commands utilize hidden HTML/CSS that Gemini processes without links or scripts.
2. The attack can deceive users by presenting fabricated security alerts from Google.
3. Affects Gmail, Docs, Slides, and Drive, with potential for cross-platform AI worms across Google Workspace.
4. The vulnerability employs an indirect prompt injection technique by embedding invisible text, escalating phishing risks.
Mitigation strategies include HTML linting, LLM firewalls, and user awareness training. AI providers must implement improved HTML sanitization and enhance transparency regarding AI-generated outputs, as AI assistants increasingly become viable attack vectors.
For live malware analysis, consider using ANY.RUN.
Source link