{"slug": "chatgpt-blindly-trusts-browser-content-turning-the-page-into-a-payload", "title": "ChatGPT blindly trusts browser content, turning the page into a payload", "summary": "ChatGPT's blind trust in browser content allows attackers to weaponize web pages as payloads for phishing and data theft. The AI model processes and acts on visible text without verifying its source, enabling malicious actors to craft pages that trick the chatbot into executing harmful actions. This vulnerability turns any browser session into a potential attack vector, exposing users to credential theft and unauthorized data access.", "body_md": "### MOST POPULAR\n\n## EVENTS\n\n-\n### Overcoming the trade-offs in data sovereignty\n\nWhat does data sovereignty actually mean for your network, which trade-offs are unavoidable? Learn more.\n\n-\n### From Prompt to Exploit: How LLMs Are Changing API Attacks\n\nModern applications are API-driven, interconnected, and often over-permissioned, making them an ideal target for AI-assisted attacks.\n\n-\n### Architecting the Future: Unlocking Enterprise Data Services for Kubernetes\n\nJoin us to discover how to eliminate infrastructure silos and establish a standardized, enterprise-grade cloud-native platform.\n\n-\n### Catch the Advanced Attacks Microsoft 365 Misses with Behavioral AI Security\n\nMicrosoft 365 is the backbone of enterprise communication, and its native security filters out the known and the noisy.\n\n-\n### Virtual Cyber Recovery Sim\n\nStep into the chaos of a live ransomware breach, test your response skills, and team up with other IT and security pros to outsmart cybercriminals\n\n-\n### Virtual Cyber Recovery Simulation\n\nRansomware attacks aren’t slowing down, and neither are we. Druva’s hit event, Escape Ransomware, is now fully virtual.\n\n-\n### Agentic AI at Scale: From Pilot to Production\n\nJoin us to learn how to unlock real ROI by driving adoption of AI at scale.\n\n[AI](https://beta.theregister.com/tag/ai)\n\n-\nSecurity\n\n#### ChatGPT blindly trusts browser content, turning the page into a payload\n\nYou and me go ChatGPhish-ing in the dark\n\n-\nResearch\n\n#### Russia-linked threat group put ChatGPT to work from lure to payload\n\nResearchers say 'GREYVIBE' crew used AI tools throughout a campaign targeting Ukrainian military and government\n\n-\nScience\n\n#### Blue Origin's New Glenn makes a crater-sized dent in Artemis plans\n\nExplosion wrecks rocket and pad, leaving NASA's lunar ambitions looking less than launch-ready\n\n-\nCyber-Crime\n\n#### ShinyHunters adds Charter to trophy shelf after 4.9M customer records leak\n\nTelco giant says no sensitive data was taken, though names, addresses, phones, and emails are now out there\n\n-\nSoftware\n\n#### That an app 'Fits on a Floppy' is still a useful measure in 2026\n\nIn a world of mass-produced bot-slopware, small is more beautiful than ever\n\n[Infosec](https://beta.theregister.com/security)\n\n-\nSecurity\n\n#### ChatGPT blindly trusts browser content, turning the page into a payload\n\nYou and me go ChatGPhish-ing in the dark\n\n-\nResearch\n\n#### Russia-linked threat group put ChatGPT to work from lure to payload\n\nResearchers say 'GREYVIBE' crew used AI tools throughout a campaign targeting Ukrainian military and government\n\n-\nScience\n\n#### Blue Origin's New Glenn makes a crater-sized dent in Artemis plans\n\nExplosion wrecks rocket and pad, leaving NASA's lunar ambitions looking less than launch-ready\n\n-\nCyber-Crime\n\n#### ShinyHunters adds Charter to trophy shelf after 4.9M customer records leak\n\nTelco giant says no sensitive data was taken, though names, addresses, phones, and emails are now out there\n\n-\nSoftware\n\n#### That an app 'Fits on a Floppy' is still a useful measure in 2026\n\nIn a world of mass-produced bot-slopware, small is more beautiful than ever\n\n[FOSS](https://beta.theregister.com/tag/FOSS)\n\n-\n#### ChatGPT blindly trusts browser content, turning the page into a payload\n\nYou and me go ChatGPhish-ing in the dark\n\n-\n#### Russia-linked threat group put ChatGPT to work from lure to payload\n\nResearchers say 'GREYVIBE' crew used AI tools throughout a campaign targeting Ukrainian military and government\n\n-\n#### Blue Origin's New Glenn makes a crater-sized dent in Artemis plans\n\nExplosion wrecks rocket and pad, leaving NASA's lunar ambitions looking less than launch-ready\n\n-\n#### ShinyHunters adds Charter to trophy shelf after 4.9M customer records leak\n\nTelco giant says no sensitive data was taken, though names, addresses, phones, and emails are now out there\n\n-\n#### That an app 'Fits on a Floppy' is still a useful measure in 2026\n\nIn a world of mass-produced bot-slopware, small is more beautiful than ever\n\n-\n#### Jammin' on UK defence secretary's jet as Russia blamed for GPS interference\n\nEstonian academic fingers mobile tower-mounted devices as Kremlin tries to swat Ukrainian forces\n\n[FEATURES](https://www.theregister.com/tag/features?_gl=1*esekfm*_ga*NzgyNjE4NzEwLjE3NzExNzQ4MjA.*_ga_JXW44Y23NM*czE3NzY3NTY3MjIkbzEwNSRnMSR0MTc3Njc1Njg5NCRqOCRsMCRoMA..)\n\n-\n### Europe built sovereign clouds to escape US control. Then forgot about the processors\n\n-\n### Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data\n\n-\n### Europe wants out from under US tech – but first it has to find the exits\n\n-\n### GNOME may rule Ubuntu Resolute Raccoon, but X.org isn't roadkill yet\n\n-\n### OpenClaw, but in containers: Meet NanoClaw\n\n-\n### Open source registries don't have enough money to implement basic security\n\n-\n### Contain your Windows apps inside Linux Windows\n\n-\n### The Linux mid-life crisis that's an opportunity for Tux-led transformation\n\n-\n### Too much AI for some, too little for others: Why AMD can't win with investors\n\n-\n### How agentic AI can strain modern memory hierarchies", "url": "https://wpnews.pro/news/chatgpt-blindly-trusts-browser-content-turning-the-page-into-a-payload", "canonical_source": "https://www.theregister.com/research/2026/05/29/chatgpt-prompt-injection-turns-web-pages-into-phishing-lures/5248137", "published_at": "2026-05-29 12:00:00+00:00", "updated_at": "2026-05-29 12:10:57.293334+00:00", "lang": "en", "topics": ["large-language-models", "ai-safety", "ai-research", "ai-products"], "entities": ["ChatGPT", "Microsoft 365", "Druva"], "alternates": {"html": "https://wpnews.pro/news/chatgpt-blindly-trusts-browser-content-turning-the-page-into-a-payload", "markdown": "https://wpnews.pro/news/chatgpt-blindly-trusts-browser-content-turning-the-page-into-a-payload.md", "text": "https://wpnews.pro/news/chatgpt-blindly-trusts-browser-content-turning-the-page-into-a-payload.txt", "jsonld": "https://wpnews.pro/news/chatgpt-blindly-trusts-browser-content-turning-the-page-into-a-payload.jsonld"}}