A critical vulnerability in Perplexity’s Comet browser allows attackers to silently exfiltrate emails, calendar data, and other sensitive user information using a single malicious URL. The technique, dubbed “CometJacking”, was unveiled through a series of proof-of-concept attacks developed and demonstrated by the LayerX team. By embedding a prompt injection payload directly into a URL, attackers … The post Comet AI Browser Vulnerable to Full Data Exfiltration via Malicious URLs appear...
