Browser Threat Report: Gemini AI, Chrome Malware, Deno RCE

This newsletter is AI generated and may hallucinate sometimes 😊

Google Gemini Prompt Injection Flaw Exposed Private Calendar Data

  • A prompt injection vulnerability in Google Gemini's web interface allowed attackers to trick the AI into divulging sensitive user data, including private Google Calendar event details.
  • The flaw exploited the AI's ability to process hidden HTML content within seemingly innocuous calendar invites, leading it to extract and expose information not intended for sharing.
  • This vulnerability underscores the risks of large language models interacting with browser-rendered content, creating new vectors for data exfiltration and privacy breaches.

Source: The Hacker News | Date: January 22, 2026

RedLine Stealer Leverages Clipjack Technique for Cryptocurrency Theft

  • The RedLine stealer is employing a clipjack technique to monitor users' clipboards, specifically targeting cryptocurrency wallet addresses.
  • When a user copies a legitimate cryptocurrency address in their browser, the malware swiftly replaces it with an attacker-controlled address, leading to funds being diverted during transactions.
  • This method allows for stealthy cryptocurrency theft, impacting users who frequently copy and paste wallet addresses in browser-based cryptocurrency transactions.

Source: The Hacker News | Date: January 22, 2026

Copilot Attack Exploits AI Models for Data Exfiltration and Malicious Code Generation

  • A "Copilot Attack" involves prompt injection techniques targeting AI models, such as GitHub Copilot, to manipulate their output.
  • Attackers can coerce these AI assistants into generating malicious code snippets or revealing sensitive information by crafting deceptive prompts.
  • This type of attack poses a risk to developers and users relying on AI assistants integrated into browser-based development environments, potentially leading to supply chain compromises.

Source: The Hacker News | Date: January 22, 2026

CrashFix Chrome Extension Delivers ModeloRAT via Browser Crash Lures

  • A malicious Chrome extension named "CrashFix" has been observed delivering the ModeloRAT malware by mimicking legitimate browser crash alerts.
  • The extension uses "ClickFix"-style browser crash lures to trick users into installing it, subsequently gaining control over the browser and system.
  • ModeloRAT, distributed through this method, aims to steal sensitive information and maintain persistence on compromised systems.

Source: The Hacker News | Date: January 23, 2026

Critical Deno JavaScript Runtime Flaws Expose Systems to RCE and Secret Leaks

  • Two critical vulnerabilities, CVE-2026-22863 and CVE-2026-22864, were disclosed in the Deno JavaScript/TypeScript runtime, posing risks of secret exposure and remote code execution.
  • CVE-2026-22863 allows for the leakage of environment variables and sensitive secrets, while CVE-2026-22864 enables arbitrary code execution due to a flaw in internal package handling.
  • Users of Deno are strongly advised to update to patched versions immediately to mitigate these high-severity vulnerabilities, as they can lead to full system compromise.

Source: SecurityOnline.info | Date: January 23, 2026

References

  1. Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites - The Hacker News
  2. ⚡ Weekly Recap: Fortinet Exploits, RedLine Clipjack, NTLM Crack, Copilot Attack & More - The Hacker News
  3. CrashFix Chrome Extension Delivers ModeloRAT Using ClickFix-Style Browser Crash Lures - The Hacker News
  4. Critical Deno Flaws Risk Secrets (CVE-2026-22863) & Execution (CVE-2026-22864) - SecurityOnline.info
