ChatGPT Atlas persistent memory CSRF memory corruption flaw
Vulnerability
Summary
ChatGPT Atlas has a CSRF flaw that lets an attacker inject malicious instructions into ChatGPT's persistent memory, creating a pathway to arbitrary code execution across sessions and devices. The flaw can also enable account takeover, privilege escalation, and data exfiltration when a logged-in user later uses ChatGPT normally. The issue matters because the tainted memory can survive until it is explicitly deleted.
Related Happenings
Tenable's ChatGPT prompt-injection and url_safe bypass analysis
Technical Analysis
First: 06.11.2025 17:49
Last: 06.11.2025 17:49
Sources 1
About this happening:
Tenable uncovered **seven ChatGPT vulnerabilities** that let attackers drive **prompt injection**, **phishing redirects**, and **memories/chat history exfiltration** through **Sea...
ChatGPT/SearchGPT prompt injection and data exfiltration weaknesses security flaw
Vulnerability
First: 06.11.2025 12:00
Last: 06.11.2025 12:00
Sources 1
About this happening:
Researchers uncovered **seven weaknesses** in **OpenAI's ChatGPT/SearchGPT** that could let an attacker use **prompt injection** and **safety bypass** techniques to steal **privat...
OpenAI ChatGPT indirect prompt injection vulnerabilities GPT-4o/GPT-5 security flaw
Vulnerability
First: 05.11.2025 16:04
Last: 05.11.2025 16:04
Sources 1
About this happening:
**OpenAI's ChatGPT** has a newly disclosed set of **indirect prompt injection** flaws in **GPT-4o and GPT-5** that could let an attacker steal data from **users' memories and chat...
Timeline
- 27.10.2025 16:31 · 1 article
ChatGPT Atlas CSRF flaw exposes persistent memory to hidden instruction injection
Initial Disclosure
LayerX Security identifies a new vulnerability in OpenAI's ChatGPT Atlas web browser that uses a cross-site request forgery (CSRF) flaw to inject malicious instructions into ChatGPT's persistent memory. The tainted memory can persist across devices and sessions and may later trigger arbitrary code execution, privilege escalation, account takeover, browser compromise, or data exfiltration when a logged-in user makes normal ChatGPT requests.
- New ChatGPT Atlas Browser Exploit Lets Attackers Plant Persistent Hidden Commands — thehackernews.com — 27.10.2025 16:31