BrowserOS WebPromptTrap patch release (0.32.0)
Security Patch Release
Summary
Hide ▲
Show ▼
BrowserOS patched WebPromptTrap in version 0.32.0, closing an indirect prompt-injection flaw that could trick users into approving an authorization step inside the agentic browser's AI summary flow. The update removes a browser-side weakness that let hidden instructions in summarized content influence trusted UI behavior. It reduces the chance that a legitimate-looking page can be turned into a deceptive prompt surface.
Related Happenings
AI browser guidance to prompt before reading logged-in accounts and limit agent access
Defensive Guidance
H score28
First: 30.06.2026 11:37
Last: 30.06.2026 11:37
Sources 1
About this happening:
**LayerX** recommends tightening **AI browser agent mode** so the browser must ask before reading from **logged-in accounts**, reducing the risk of **credential theft** through **...
AI browser guidance to prompt before reading logged-in accounts and limit agent access
Defensive GuidanceAbout this happening: **LayerX** recommends tightening **AI browser agent mode** so the browser must ask before reading from **logged-in accounts**, reducing the risk of **credential theft** through **...
LayerX BioShocking prompt injection against agentic browsers
Technical Analysis
H score30
First: 24.06.2026 19:05
Last: 24.06.2026 19:05
Sources 1
About this happening:
Researchers demonstrated **BioShocking**, a prompt-injection technique that pushed **six agentic browsers and plugins** past guardrails and made them **copy login credentials** fo...
LayerX BioShocking prompt injection against agentic browsers
Technical AnalysisAbout this happening: Researchers demonstrated **BioShocking**, a prompt-injection technique that pushed **six agentic browsers and plugins** past guardrails and made them **copy login credentials** fo...
Browser-layer visibility guidance for browser-native threats
Defensive Guidance
H score22
First: 05.06.2026 17:00
Last: 05.06.2026 17:00
Sources 1
About this happening:
**Security teams** are being pushed to treat **browser sessions** as the primary detection surface for **phishing**, **credential theft**, and **ClickFix**. **Browser-native attac...
Browser-layer visibility guidance for browser-native threats
Defensive GuidanceAbout this happening: **Security teams** are being pushed to treat **browser sessions** as the primary detection surface for **phishing**, **credential theft**, and **ClickFix**. **Browser-native attac...
Apple Background Security Improvements WebKit patch (CVE-2026-20643)
Security Patch Release
H score37
First: 18.03.2026 03:06
Last: 18.03.2026 03:06
Sources 1
About this happening:
Apple's **first Background Security Improvements** release patches **CVE-2026-20643** in **WebKit**, letting **iPhones, iPads, and Macs** get a security fix **without a full OS up...
Apple Background Security Improvements WebKit patch (CVE-2026-20643)
Security Patch ReleaseAbout this happening: Apple's **first Background Security Improvements** release patches **CVE-2026-20643** in **WebKit**, letting **iPhones, iPads, and Macs** get a security fix **without a full OS up...
Perplexity Comet prompt-injection research shows agentic browsers can be trained into phishing traps
Technical Analysis
H score25
First: 11.03.2026 18:38
Last: 11.03.2026 18:38
Sources 1
About this happening:
**Perplexity's Comet AI browser** is the focus of a **technical analysis** thread showing how **prompt injection** and **malicious URLs** can steer an agentic browser into **data...
Perplexity Comet prompt-injection research shows agentic browsers can be trained into phishing traps
Technical AnalysisAbout this happening: **Perplexity's Comet AI browser** is the focus of a **technical analysis** thread showing how **prompt injection** and **malicious URLs** can steer an agentic browser into **data...
Timeline
-
29.05.2026 21:07 2 articles · 1mo ago
BrowserOS patches WebPromptTrap prompt injection in version 0.32.0
Mitigation Patch UpdateBrowserOS version 0.32.0 fixes WebPromptTrap, an indirect prompt injection flaw in the open-source agentic browser's AI summary flow that could deceive users into approving an authorization step after processing a legitimate-looking article with hidden instructions.
Show sources
- ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface — thehackernews.com — 29.05.2026 21:07
- ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface — thehackernews.com — 29.05.2026 21:07