If allowed by the user, Bing Chat can see currently open websites. We show that an attacker can plant an injection in a
website
the user is visiting, which silently turns Bing Chat into a Social Engineer who seeks out and exfiltrates personal information.
The user doesn’t have to ask about the website or do anything except interact with Bing Chat while the
website is opened in the browser.
Microsoft prevents content from GitHub pages domains from being ingested
by Bing Chat at the present time, so if you want to try it for yourself you
can try to download the pirate example from below and open it locally in Edge.
Leave A Comment