Openai Atlas
Monthly
OpenAI Atlas before 1.2025.288.15 improperly exposed privileged browser APIs - including browser history access and tab open/close controls - to any web content loaded from *.openai.com origins, including the publicly accessible forum.openai.com. Because forum.openai.com harbored an independent cross-site scripting vulnerability, an attacker could chain the two weaknesses: inject a script via the forum XSS, which then silently invokes Atlas's privileged APIs against a visiting victim. No public exploit or CISA KEV listing has been confirmed at time of analysis, though a public security research blog (hacktron.ai) describes the attack surface; the EPSS score of 0.02% (4th percentile) reflects low observed exploitation probability.
OpenAI Atlas before 1.2025.288.15 improperly exposed privileged browser APIs - including browser history access and tab open/close controls - to any web content loaded from *.openai.com origins, including the publicly accessible forum.openai.com. Because forum.openai.com harbored an independent cross-site scripting vulnerability, an attacker could chain the two weaknesses: inject a script via the forum XSS, which then silently invokes Atlas's privileged APIs against a visiting victim. No public exploit or CISA KEV listing has been confirmed at time of analysis, though a public security research blog (hacktron.ai) describes the attack surface; the EPSS score of 0.02% (4th percentile) reflects low observed exploitation probability.