From securityaffairs.com
Researchers from Salt Security discovered three types of vulnerabilities in ChatGPT plugins that can be could have led to data exposure and account takeovers.
ChatGPT plugins are additional tools or extensions that can be integrated with ChatGPT to extend its functionalities or enhance specific aspects of the user experience. These plugins may include new natural language processing features, search capabilities, integrations with other services or platforms, text analysis tools, and more. Essentially, plugins allow users to customize and tailor the ChatGPT experience to their specific needs.
Plugins can allow users to interact with third-party services such as Github, Google Drive, and Saleforce.
By using plugins, users authorize ChatGPT to transmit sensitive data to third-party services. In some cases, this involves granting access to their private accounts on platforms they need to interact with