Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

AI browsers indirect prompt injection via URL fragments HashJack security flaw

Vulnerability
First reported
Last updated
Happening score
H score 14
2 unique sources, 2 articles

Summary

Hide ▲

HashJack is an indirect prompt injection vulnerability in AI browsers that hides attacker instructions after the # symbol in legitimate URLs, letting a normal-looking link manipulate the assistant into unsafe actions. The issue affected Comet, Copilot for Edge, and Gemini for Chrome; by November 25, fixes had been applied to Comet and Copilot for Edge, while Gemini for Chrome remained unresolved. Researchers said the technique could enable callback phishing, data exfiltration, misinformation injection, malicious downloads, opening ports, and credential theft, and that ordinary server-side and network defenses do not see the fragment payload.

Related Happenings

Torg Grabber browser-extension theft activity

Malware Activity
First: 25.03.2026 20:32 Last: 25.03.2026 20:32 Sources 1

About this happening: The **Torg Grabber** infostealer is actively stealing data from **850 browser extensions**, including **728 cryptocurrency wallet extensions**, which raises the risk of account ta...

Open Happening

VoidStealer debugger-based ABE-bypass infostealer

Malware Activity
First: 22.03.2026 16:32 Last: 22.03.2026 16:32 Sources 1

About this happening: **VoidStealer** now uses a **debugger-based ABE bypass** to steal **Chrome** master keys, increasing the risk of browser credential and sensitive-data theft. The infostealer can e...

Open Happening

LayerX font-rendering PoC exposes a browser-rendering gap in AI assistant analysis

Technical Analysis
First: 17.03.2026 15:59 Last: 17.03.2026 15:59 Sources 1

About this happening: A **LayerX** proof-of-concept showed that a **font-rendering attack** can hide malicious webpage commands from AI assistants, creating a risk of **unsafe guidance** when the brows...

Open Happening

Perplexity Comet prompt-injection research shows agentic browsers can be trained into phishing traps

Technical Analysis
First: 11.03.2026 18:38 Last: 11.03.2026 18:38 Sources 1

About this happening: **Perplexity's Comet AI browser** is the focus of a **technical analysis** thread showing how **prompt injection** and **malicious URLs** can steer an agentic browser into **data...

Open Happening

QuickLens and ShotBird malicious Chrome extension update chain

Malware Activity
First: 09.03.2026 12:28 Last: 09.03.2026 12:28 Sources 1

About this happening: The **QuickLens** and **ShotBird** Chrome extensions have become **malicious after ownership transfer**, turning trusted add-ons into a delivery path for code injection and data t...

Open Happening

Timeline

  1. 26.11.2025 12:15 2 articles · 6mo ago

    HashJack fixes applied to Comet and Copilot for Edge

    Mitigation Patch Update

    Perplexity and Microsoft had applied fixes for Comet and Copilot for Edge by November 25, while Gemini for Chrome remained unresolved for HashJack, the indirect prompt injection that hides malicious instructions in the text after the # symbol in legitimate URLs.

    Show sources
    Open in new tab
  2. 26.11.2025 12:15 2 articles · 6mo ago

    Security researchers disclose HashJack indirect prompt injection

    Initial Disclosure

    Security researchers disclosed HashJack as a new indirect prompt injection vulnerability that tricks AI browsers such as Comet, Copilot for Edge and Gemini for Chrome by hiding malicious instructions in URL fragments after the # symbol. The technique can support callback phishing, data exfiltration, misinformation injection, malicious downloads, opening ports and credential theft, while traditional network and server defenses like intrusion detection systems do not see the fragment payload.

    Show sources
    Open in new tab