{"id":351060,"date":"2025-10-27T06:20:00","date_gmt":"2025-10-27T13:20:00","guid":{"rendered":"https:\/\/cms-articles.softonic.io\/es\/?p=400154"},"modified":"2025-10-27T07:49:47","modified_gmt":"2025-10-27T14:49:47","slug":"if-you-have-switched-to-atlas-openais-browser-you-have-a-huge-security-gap-on-your-computer","status":"publish","type":"post","link":"https:\/\/cms-articles.softonic.io\/en\/if-you-have-switched-to-atlas-openais-browser-you-have-a-huge-security-gap-on-your-computer\/","title":{"rendered":"If you have switched to Atlas, OpenAI's browser, you have a huge security gap on your computer"},"content":{"rendered":"\n

The newly launched Atlas web browser from OpenAI has been affected by a command injection attack that allows attackers to disguise malicious instructions as innocent URLs. According to a report from NeuralTrust, this vulnerability resides in the browser’s omnibox, which interprets user input both as a URL to navigate to and as a natural language command for the artificial intelligence agent<\/strong>.<\/p>\n\n\n

A problem of enormous magnitude<\/h2>\n\n\n

Attackers can manipulate the omnibox by creating malformed URLs that start with “https” and contain domain text, followed by instructions that can execute harmful commands. If an unsuspecting user enters this misleading string into the omnibox, the browser may treat it as a high-trust command<\/strong>, allowing harmful actions, such as redirecting the victim to phishing pages or even deleting files from connected applications like Google Drive.<\/p>\n\n\n

The CISO of OpenAI, Dane Stuckey, has acknowledged that command injection is an unresolved security issue that requires ongoing attention. Despite the company implementing training techniques and additional security measures to mitigate these risks, the challenge persists and could allow malicious actors to devise innovative ways to exploit this vulnerability<\/strong>.<\/p>\n\n\n

\n