Description

In the article, wunderwuzzi delves into the security concerns that arise from Google Bard's latest updates, particularly focusing on Extensions which allow Bard to access YouTube, search for flights and hotels, and even personal documents and emails. This means Bard can now analyze a user's Drive, Docs, and Gmail, making it susceptible to Indirect Prompt Injection attacks. The author illustrates this by successfully testing prompt injection with older YouTube videos and Google Docs, demonstrating how attackers might force-share Google Docs with victims and exploit the vulnerability when the victim interacts with the document using Bard. Additionally, a common vulnerability in LLM apps, chat history exfiltration via rendering of hyperlinks and images, is explored in the context of Google Bard. The article also discusses the bypassing of Google's Content Security Policy to render images from an attacker-controlled server using Google Apps Script.