Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails

Straiker STAR Labs' discovery of a zero-click agentic browser attack targeting Perplexity's Comet browser, capable of deleting entire Google Drive contents using crafted emails, marks a significant vulnerability in browser security. This means that website owners who use Google Drive to store sensitive information, such as website backups or customer data, are at risk of losing critical information if their employees or users fall victim to this attack. Furthermore, if a website owner's Google Drive is compromised, it could also lead to unauthorized access to website files, potentially allowing malicious actors to inject malware or deface the website. To protect against such threats, website owners should ensure their llms.txt files are up-to-date and configured to block any suspicious bot traffic. Additionally, they should implement robust email filtering systems to detect and block crafted emails that could trigger the agentic browser attack. Lastly, website owners should consider using alternative cloud storage services or implementing additional security measures, such as two-factor authentication, to safeguard their Google Drive accounts and prevent potential data breaches.