Researchers at Salt Labs identified three critical security vulnerabilities in ChatGPT plugins that could allow unauthorized access and account takeovers. These vulnerabilities occur during plugin installation, lack of authentication in the PluginLab framework, and OAuth redirection manipulation. The implications are significant, putting a vast number of users and organizations at risk. Security measures and awareness among GenAI and plugin developers are essential to mitigate these risks. The vulnerabilities have been addressed, but this situation underscores the importance of regular security reviews and updates.
Relevant URL: https://www.darkreading.