Google Chrome Attack Warning—Stop Using Your Passwords

Posted by Zak Doffman, Contributor


Update: Republished on March 21 with new report into browser security, including the rapid acceleration in zero-hour and AI-based attacks.

You have been warned. While password and even two-factor authentication (2FA) compromises are nothing new, this is the week AI really got into the act. First with a generative AI agent tricked into executing its own phishing attack, and now with AI platforms tricked into creating “a fully functional Google Chrome infostealer.”

I reported on the first AI hijack last week. Symantec released a video and a blog showing how its AI phishing expedition worked and warning there was much worse to come. And now Cato Networks has gone even further, tricking ChatGPT, Copilot and DeepSeek into developing infostealing malware. Take this warning seriously. You should stop using passwords and set up more secure options for key accounts.

Symantec’s was the simpler of the two AI attacks. The researcher prompted the AI LLM (large language model) to find a user’s contact details, develop a malicious PowerShell script, and then create an email lure to which the script was attached. The LLM’s security was bypassed by simply saying the task was authorized.

“We’ve been predicting that the advent of AI agents could be the moment that AI-assisted attacks start to pose a greater threat,” Symantec’s Dick O’Brien told me. “Our goal was to see if an agent could carry out an attack end-to-end with no intervention from us other than the initial prompt.”

Just a few days later Cato introduced its “immersive world” attack, a new approach that allowed a security researcher with no malware coding experience to jailbreak the LLMs and create “a fully functional Google Chrome infostealer for Chrome 133… malware that steals sensitive information, including login details, financial information, and other personally identifiable information (PII).”

The “immersive world” involves a narrative between the researcher and LLM, through which a fictitious narrative is crafted with multiple characters played by the LLMs. These characters are then authorized to conduct what would otherwise be prohibited activities. Thus the infostealer. But in a make-believe world, nothing is flagged.

In this narrative, the application of the malware is not malicious, and so bypasses guardrails. Cato describes this as an LLM “operating under an alternative context, effectively normalizing typically restricted operations,” explaining that “to demonstrate this method’s effectiveness, we used it to develop a Chrome infostealer, validating the Immersive World technique’s ability to bypass standard security controls.”

Full marks for creativity. In Cato’s “specialized virtual environment” called Velora, “malware development is treated as a legitimate discipline. In this environment, advanced programming and security concepts are considered fundamental skills, enabling direct technical discourse about traditionally restricted topics.”

The malware didn’t work immediately, and needed some back and forth, encouraging the LLM that it was “making progress” and “getting closer.” And the credentials stolen from Chrome’s vault were test profiles put there to be attacked. But just as with Symantec’s report, this isn’t intended as a ready-to-go attack; it’s a warning as to the attacks that are on the way, giving us a little time to shore up defenses.

And on that note, the key takeaway here is to stop using passwords. AI-industrialized credential theft is here, whether enhancing current attacks or crafting new ones. You cannot rely on passwords and even simple SMS 2FA any more. As I’ve warned before, go through your accounts — especially comms platforms like messages and email and anything financial or health related — and set up passkeys. And then change passwords and add the strongest possible 2FA for each, and be wary where these are stored.

And the stakes are getting ever higher. In its latest “State of Browser Security Report,” Menlo Security has just reported a “130% increase in zero-hour phishing attacks and identified nearly 600 incidents of genAI fraud.” The researchers browsed through “more than 752,000 browser-based phishing attacks,” finding these were up 140% year-on-year, with the quick turnaround zero-hour attacks the standout finding.

Menlo’s Andrew Harding warns “we’re seeing a dangerous combination of zero-day attacks, advanced social engineering techniques, sophisticated phishing techniques, and readily-available phishing-as-a-service kits, all designed to infiltrate systems and steal valuable data.” The team’s key findings make for stark reading:

  • Almost 1 million new phishing sites registered by threat attackers each month, which represents “a 700% increase since 2020.”
  • More than half of “browser-based phishing” included brand impersonation, with the usual global tech and services brands being aped most often.
  • Almost a week until “legacy security tools begin blocking pages from zero-hour phishing attacks,” with 75% of links hosted “on good, trusted websites.”
  • Of the hosting providers used by these bad actors, 80% were U.S. based.
  • Increasing use of cloud hosting for malicious content. This includes AWS and CloudFlare, which accounted for almost half “of all instances of abused cloud hosting instances in 2024.”

The specifics of the Symantec, Menlo and Cato reports are less important than this fast-evolving threat landscape. The specifics will change. New methods of attack will be developed as existing ones are identified and defended. Our approach to passwords and legacy 2FA must change to have any chance of keeping pace.

It’s almost two years since Google announced “the beginning of the end of the password,” given they “are often frustrating to remember and put you at risk if they end up in the wrong hands.” At that time the company said “maybe by next year’s World Password Day, you won’t even need to use your password, much less remember it!” That isn’t happening fast enough, albeit it is now accelerating. But the advent of new AI threats means we all need to move much faster. Set aside a half-day and tackle all your passwords at once, and set up passkeys where you can.

As SlashNext’s Stephen Kowski warns, “generative AI and LLMs are enabling attackers to create more convincing phishing emails, deepfakes, and automated attack scripts at scale. These technologies allow cybercriminals to personalize social engineering attempts and rapidly adapt their tactics, making traditional defenses less effective. What used to be ‘0-day’ are now ‘0-hour’ at least.”



Forbes
