Gemini Enterprise zero-click indirect prompt injection security flaw
Vulnerability
Summary
Hide ▲
Show ▼
Google Gemini Enterprise and Vertex AI Search were patched after researchers found a zero-click indirect prompt injection flaw that could exfiltrate sensitive corporate information from connected Google Workspace sources. The issue, dubbed GeminiJack, let attacker-controlled content poison routine searches without a click or security-control trigger. Google said the weakness was fixed after it was reported in June 2025.
Related Happenings
Google Dialogflow CX Code Blocks shared-runtime isolation security flaw
Vulnerability
H score32
First: 07.07.2026 19:37
Last: 07.07.2026 19:37
Sources 1
About this happening:
**Google Dialogflow CX Code Blocks** had a shared-runtime isolation flaw that could let one editable agent affect other **Code Block-enabled agents** in the same **Google Cloud pr...
Google Dialogflow CX Code Blocks shared-runtime isolation security flaw
VulnerabilityAbout this happening: **Google Dialogflow CX Code Blocks** had a shared-runtime isolation flaw that could let one editable agent affect other **Code Block-enabled agents** in the same **Google Cloud pr...
Search for perplexity ai malicious Chrome extension
Malware Activity
H score29
First: 29.06.2026 21:40
Last: 29.06.2026 21:40
Sources 1
About this happening:
A malicious **Chrome extension** named **Search for perplexity ai** impersonated **Perplexity AI** while **intercepting search traffic** and collecting **browsing information** th...
Search for perplexity ai malicious Chrome extension
Malware ActivityAbout this happening: A malicious **Chrome extension** named **Search for perplexity ai** impersonated **Perplexity AI** while **intercepting search traffic** and collecting **browsing information** th...
Skills.sh scanner blind spot for externally linked AI agent skills
Security Tool/Service
H score22
First: 23.06.2026 18:16
Last: 23.06.2026 18:16
Sources 1
About this happening:
Security scanners for **AI agent skills**, including those wired into **skills.sh**, cleared a fake skill that hid its real payload behind **stitch-design.ai**, exposing a vetting...
Skills.sh scanner blind spot for externally linked AI agent skills
Security Tool/ServiceAbout this happening: Security scanners for **AI agent skills**, including those wired into **skills.sh**, cleared a fake skill that hid its real payload behind **stitch-design.ai**, exposing a vetting...
Google Gemini on Android notification-injection bypass using Fake Context Alignment
Technical Analysis
H score16
First: 03.06.2026 22:11
Last: 03.06.2026 22:11
Sources 1
About this happening:
Researchers found a **notification-based prompt-injection bypass** in **Google Gemini on Android** that could turn hostile notification text into **unauthorized assistant actions*...
Google Gemini on Android notification-injection bypass using Fake Context Alignment
Technical AnalysisAbout this happening: Researchers found a **notification-based prompt-injection bypass** in **Google Gemini on Android** that could turn hostile notification text into **unauthorized assistant actions*...
Gemini CLI workspace trust RCE flaw
Vulnerability
H score39
First: 30.04.2026 10:07
Last: 30.04.2026 10:07
Sources 1
About this happening:
Google has fixed **Gemini CLI** and **google-github-actions/run-gemini-cli** flaws that let **untrusted workspace content** trigger **arbitrary commands on the host** in **CI/head...
Gemini CLI workspace trust RCE flaw
VulnerabilityAbout this happening: Google has fixed **Gemini CLI** and **google-github-actions/run-gemini-cli** flaws that let **untrusted workspace content** trigger **arbitrary commands on the host** in **CI/head...
Timeline
-
10.12.2025 14:05 2 articles · 7mo ago
GeminiJack disclosed and patched in Gemini Enterprise
Initial DisclosureResearchers at Noma Security discovered GeminiJack in Google Gemini Enterprise and Vertex AI Search in June 2025 and reported it to Google the same day. Google confirmed receipt in August and worked with the researchers on a fix, Noma Security published a proof-of-concept exploit on December 8, 2025, and Google had deployed updates by December 10, 2025 that changed how Gemini Enterprise and Vertex AI Search interact with their underlying retrieval and indexing systems and fully separated Vertex AI Search from Gemini Enterprise.
Show sources
- Google Fixes Zero Click Gemini Enterprise Flaw That Exposed Corporate Data — www.infosecurity-magazine.com — 10.12.2025 14:05
- Google Fixes Zero Click Gemini Enterprise Flaw That Exposed Corporate Data — www.infosecurity-magazine.com — 10.12.2025 14:05