high

Hacking Google Bard via Prompt Injection

Published Fri, Nov 3rd, 2023

Platforms

gcp

Summary

A vulnerability in Google Bard allowed for prompt injection and data exfiltration through its Extensions feature. By injecting malicious instructions into shared Google Docs, an attacker could force Bard to render images with exfiltrated chat history data in the URL. The exploit bypassed Content Security Policy using Google Apps Script.

Affected Services

Google Bard

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://embracethered.com/blog/posts/2023/google-bard-data-exfiltration/

Contributed by https://github.com/korniko98

Entry Status

Stub (AI-Generated)

Disclosure Date

Tue, Sep 19th, 2023

Exploitability Period

Until 2023/10/19

Known ITW Exploitation

-

Detection Methods

Monitor for unexpected image rendering in Google Bard conversations and unusual data access patterns in Google Docs and Gmail linked to Bard.

Piercing Index Rating

-

Discovered by

wunderwuzzi, Embrace The Red

More vulnerabilities...

medium

ApatchMe

awsgcp

Amazon Managed Workflows for Apache Airflow (MWAA) and the Task instance details page in the Google Composer UI were not patched against CVE-2023-29247 (Stored XSS). This meant that post-authentica...

Liv Matan, Tenable
low

Vertex AI Studio data exfiltration

gcp

In Vertex AI Studio, a Prompt Injection attack could cause the LLM to return markdown tags. This could have allowed an adversary whose data makes it into the chat context (e.g., via an uploaded fil...

Johann Rehberger
low

Azure AI Playground data exfiltration

azure

In Azure AI Playground, a Prompt Injection attack could cause an LLM to return markdown tags. This would have allowed an adversary whose data makes it into the chat context (e.g., via an uploaded ...

Johann Rehberger
View all