Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

BrowserOS WebPromptTrap patch release (0.32.0)

Security Patch Release
First reported
Last updated
Happening score
H score 11
1 unique sources, 1 articles

Summary

Hide ▲

BrowserOS patched WebPromptTrap in version 0.32.0, closing an indirect prompt-injection flaw that could trick users into approving an authorization step inside the agentic browser's AI summary flow. The update removes a browser-side weakness that let hidden instructions in summarized content influence trusted UI behavior. It reduces the chance that a legitimate-looking page can be turned into a deceptive prompt surface.

Related Happenings

Apple Background Security Improvements WebKit patch (CVE-2026-20643)

Security Patch Release
First: 18.03.2026 03:06 Last: 18.03.2026 03:06 Sources 1

About this happening: Apple's **first Background Security Improvements** release patches **CVE-2026-20643** in **WebKit**, letting **iPhones, iPads, and Macs** get a security fix **without a full OS up...

Open Happening

Perplexity Comet prompt-injection research shows agentic browsers can be trained into phishing traps

Technical Analysis
First: 11.03.2026 18:38 Last: 11.03.2026 18:38 Sources 1

About this happening: **Perplexity's Comet AI browser** is the focus of a **technical analysis** thread showing how **prompt injection** and **malicious URLs** can steer an agentic browser into **data...

Open Happening

QuickLens and ShotBird malicious Chrome extension update chain

Malware Activity
First: 09.03.2026 12:28 Last: 09.03.2026 12:28 Sources 1

About this happening: The **QuickLens** and **ShotBird** Chrome extensions have become **malicious after ownership transfer**, turning trusted add-ons into a delivery path for code injection and data t...

Open Happening

Stanley MaaS markets malicious Chrome-extension phishing service

Threat Actor Meta
First: 27.01.2026 01:46 Last: 27.01.2026 01:46 Sources 1

About this happening: **Stanley** is a **malware-as-a-service (MaaS)** platform for **malicious Chrome extensions** that helps operators deliver **phishing pages** through the browser while keeping the...

Open Happening

Browser-native ConsentFix defense guidance for Microsoft environments

Defensive Guidance
First: 14.01.2026 17:01 Last: 14.01.2026 17:01 Sources 1

About this happening: **ConsentFix** is driving a shift toward **browser-level monitoring** because the attack runs entirely in the browser and can bypass traditional identity controls, increasing take...

Open Happening

Timeline

  1. 29.05.2026 21:07 2 articles · 1h ago

    BrowserOS patches WebPromptTrap prompt injection in version 0.32.0

    Mitigation Patch Update

    BrowserOS version 0.32.0 fixes WebPromptTrap, an indirect prompt injection flaw in the open-source agentic browser's AI summary flow that could deceive users into approving an authorization step after processing a legitimate-looking article with hidden instructions.

    Show sources
    Open in new tab