
Google Gemini vulnerability allows hidden phishing attacks




Google Gemini for Workspace can be abused to generate email summaries that appear legitimate but contain malicious instructions or warnings. The result is that attackers can redirect their victims to phishing websites without attachments or direct links. The vulnerability was submitted to 0DIN (0Day Investigative Community), Mozilla's GenAI bug bounty program.

Although similar indirect prompt attacks on Gemini were already reported in 2024 and security measures were taken, the technique is still viable today, according to the expert.

How the attack works

In a blog post, GenAI bug bounty technical product manager Marco Figueroa explains that the attack relies on crafted HTML/CSS inside the email body. Because the injected text is hidden, the user never sees the instruction in the original message. The trigger is the user asking Gemini to summarize their unread emails: they receive a manipulated response that appears legitimate, since it comes from Gemini itself.
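As an added defensive example (not code from the article, 0DIN or Google), the check below separates the text a human reader would see from text hidden by inline CSS or the `hidden` attribute, so a mail pipeline can flag a message before handing it to an LLM summarizer. The sample email and the list of hiding patterns are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Inline CSS that hides text from a human reader but leaves it in the DOM an LLM ingests (constructed, extend as needed).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?:px|pt|em)?\b"
    r"|opacity\s*:\s*0(?:\.0+)?\b|color\s*:\s*(?:white|#fff(?:fff)?)\b", re.I)
VOID = {"br", "img", "hr", "input", "meta", "link", "wbr", "area", "col", "base"}


class HiddenTextScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.visible, self.hidden = [], []
        self._stack = []  # one flag per open element: is this subtree hidden?

    def handle_starttag(self, tag, attrs):
        if tag in VOID:  # void elements never close, so they must not push
            return
        a = dict(attrs)
        inherited = self._stack[-1] if self._stack else False
        own = "hidden" in a or bool(HIDDEN_STYLE.search(a.get("style") or ""))
        self._stack.append(inherited or own)

    def handle_endtag(self, tag):
        if tag not in VOID and self._stack:
            self._stack.pop()

    def handle_data(self, data):
        text = " ".join(data.split())
        if text:
            hidden = self._stack[-1] if self._stack else False
            (self.hidden if hidden else self.visible).append(text)


def split_visible_hidden(html):
    """Return (visible text, hidden fragments); a non-empty list means: do not summarize as-is."""
    p = HiddenTextScanner()
    p.feed(html)
    p.close()
    return " ".join(p.visible), p.hidden


# Constructed sample: a benign message with one zero-size, white-on-white block.
SAMPLE_EMAIL = (
    "<html><body><p>Hi team, the Q3 report is in the shared drive.</p>"
    '<div style="font-size:0px;color:#ffffff">CONSTRUCTED HIDDEN TEXT</div>'
    "<p>Thanks,<br>Dana</p></body></html>"
)


def scan_sample():
    return split_visible_hidden(SAMPLE_EMAIL)
```

Only the visible text should reach the summarizer, and any hidden fragment is worth surfacing to the user or to detection tooling rather than silently dropping it.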