Google Bard recently received powerful updates, including Extensions that allow it to access YouTube, search for flights and hotels, and access a user's personal documents and emails. This opens up the possibility for Indirect Prompt Injection attacks via emails or Google Docs. The article explains the vulnerability of Bard to image markdown injection and the bypass of Google's Content Security Policy. It also showcases a demo and the timeline of the fix for the issue.
Table of contents
What’s next?The Vulnerability - Image Markdown InjectionContent Security Policy BypassWriting the Bard LoggerDemo and Responsible DisclosureShow me the Shell CodeScreenshotsGoogle’s FixConclusionFix TimelineReferencesAppendixSort: