Cybersecurity researchers have disclosed three now-patched security vulnerabilities impacting Google's Gemini artificial intelligence (AI) assistant that, if successfully exploited, could have exposed users to major privacy risks and data theft.

"They made Gemini vulnerable to search-injection attacks on its Search Personalization Model; log-to-prompt injection attacks against Gemini Cloud Assist; and exfiltration of the user's saved information and location data via the Gemini Browsing Tool," Tenable security researcher Liv Matan said in a report shared with The Hacker News.

The vulnerabilities have been collectively codenamed the Gemini Trifecta by the cybersecurity company. They reside in three distinct components of the Gemini suite -

• A prompt injection flaw in Gemini Cloud Assist that could allow attackers to exploit cloud-based services and compromise cloud resources by taking advantage of the fact that the tool is capable of summarizing logs pulled directly from raw logs, enabling the threat actor to conceal a prompt within a User-Agent header as part of an HTTP request to a Cloud Function and other services like Cloud Run, App Engine, Compute Engine, Cloud Endpoints, Cloud Asset API, Cloud Monitoring API, and Recommender API
• A search-injection flaw in the Gemini Search Personalization model that could allow attackers to inject prompts and control the AI chatbot's behavior to leak a user's saved information and location data by manipulating their Chrome search history using JavaScript and leveraging the model's inability to differentiate between legitimate user queries and injected prompts from external sources
• An indirect prompt injection flaw in Gemini Browsing Tool that could allow attackers to exfiltrate a user's saved information and location data to an external server by taking advantage of the internal call Gemini makes to summarize the content of a web page