ChatGPT blindly trusts browser content, turning the page into a payload

The report describes a prompt-injection vulnerability in ChatGPT that lets attacker-controlled Markdown produce spoofed security alerts, clickable phishing links, and embedded QR codes in the assistant’s output; a researcher demonstrated proof-of-concept attacks that could pivot from browser to mobile and disclosed the issue to OpenAI, which had not confirmed remediation—recommendations include strong sandboxing and treating model-generated content as untrusted.