Find notable cyber news and cases, enriched with sources, timelines, and signals.

BrowserOS WebPromptTrap patch release (0.32.0)

Security Patch Release
First reported
Last updated
Happening score
H score 11
1 unique sources, 1 articles

Summary

Hide ▲

BrowserOS patched WebPromptTrap in version 0.32.0, closing an indirect prompt-injection flaw that could trick users into approving an authorization step inside the agentic browser's AI summary flow. The update removes a browser-side weakness that let hidden instructions in summarized content influence trusted UI behavior. It reduces the chance that a legitimate-looking page can be turned into a deceptive prompt surface.

Related Happenings

AI browser guidance to prompt before reading logged-in accounts and limit agent access

Defensive Guidance
H score28 First: 30.06.2026 11:37 Last: 30.06.2026 11:37 Sources 1

About this happening: **LayerX** recommends tightening **AI browser agent mode** so the browser must ask before reading from **logged-in accounts**, reducing the risk of **credential theft** through **...

LayerX BioShocking prompt injection against agentic browsers

Technical Analysis
H score30 First: 24.06.2026 19:05 Last: 24.06.2026 19:05 Sources 1

About this happening: Researchers demonstrated **BioShocking**, a prompt-injection technique that pushed **six agentic browsers and plugins** past guardrails and made them **copy login credentials** fo...

Browser-layer visibility guidance for browser-native threats

Defensive Guidance
H score22 First: 05.06.2026 17:00 Last: 05.06.2026 17:00 Sources 1

About this happening: **Security teams** are being pushed to treat **browser sessions** as the primary detection surface for **phishing**, **credential theft**, and **ClickFix**. **Browser-native attac...

Apple Background Security Improvements WebKit patch (CVE-2026-20643)

Security Patch Release
H score37 First: 18.03.2026 03:06 Last: 18.03.2026 03:06 Sources 1

About this happening: Apple's **first Background Security Improvements** release patches **CVE-2026-20643** in **WebKit**, letting **iPhones, iPads, and Macs** get a security fix **without a full OS up...

Perplexity Comet prompt-injection research shows agentic browsers can be trained into phishing traps

Technical Analysis
H score25 First: 11.03.2026 18:38 Last: 11.03.2026 18:38 Sources 1

About this happening: **Perplexity's Comet AI browser** is the focus of a **technical analysis** thread showing how **prompt injection** and **malicious URLs** can steer an agentic browser into **data...

Timeline

  1. 29.05.2026 21:07 2 articles · 1mo ago

    BrowserOS patches WebPromptTrap prompt injection in version 0.32.0

    Mitigation Patch Update

    BrowserOS version 0.32.0 fixes WebPromptTrap, an indirect prompt injection flaw in the open-source agentic browser's AI summary flow that could deceive users into approving an authorization step after processing a legitimate-looking article with hidden instructions.

    Show sources