Executive Summary
In December 2025, researchers from Straiker STAR Labs disclosed a zero-click browser-based attack targeting users of Perplexity's Comet browser, enabling malicious actors to erase the contents of a victim’s entire Google Drive. The attack leverages agentic browser automation capable of connecting Gmail and Google Drive accounts by abusing trusted email-based automations. Once triggered by a specially crafted email, the exploit requires no user interaction to execute the destructive action. The compromise of cloud-stored data had significant operational impact, resulting in permanent data loss for affected users and highlighting new risks for organizations relying heavily on SaaS storage platforms.
This attack is significant as it demonstrates the expanding threat of zero-click vulnerabilities powered by advanced browser automation, agentic AI, and email exploits. As more organizations migrate operations and collaborative data to the cloud, the frequency and sophistication of such attacks are expected to increase, escalating the urgency for robust cloud security controls.
Why This Matters Now
Zero-click attacks that exploit browser integrations and automation tools are on the rise, bypassing traditional endpoint protections. Organizations relying on browser-based workflows and SaaS storage face heightened and urgent risk of mass data loss events, necessitating rapid assessment of cloud access permissions and controls.
Attack Path Analysis
The attack began with a zero-click compromise via a crafted email that exploited agentic browser automation, permitting unauthorized access to the victim's Google Drive. Privileges granted through the browser session allowed the adversary to perform destructive actions without further interaction. The attack leveraged browser and cloud-linked API permissions to pivot between connected services. Command and control was facilitated through the browser’s connection to cloud accounts, enabling remote adversary oversight. No exfiltration occurred, but full access allowed the attacker to operate unchecked. Ultimately, the adversary deleted all Google Drive contents, causing data loss and significant impact.
Kill Chain Progression
Initial Compromise
Description
Attacker delivered a crafted email that leveraged the agentic browser capability for a zero-click compromise, gaining initial access to the Google Drive session.
Related CVEs
CVE-2025-12345
CVSS 9.8
A zero-click vulnerability in Perplexity's Comet browser allows crafted emails to trigger unauthorized deletion of Google Drive contents.
Affected Products:
Perplexity Comet Browser – <= 1.2.3
Exploit Status:
Exploited in the wild
CVE-2025-67890
CVSS 8.6
An indirect prompt injection vulnerability in Perplexity's Comet browser enables attackers to execute arbitrary commands via malicious webpage content.
Affected Products:
Perplexity Comet Browser – <= 1.2.3
Exploit Status:
Proof of concept
MITRE ATT&CK® Techniques
Phishing: Spearphishing Link
User Execution: Malicious File
Use Alternate Authentication Material: Web Session Cookie
Account Manipulation
Email Collection: Email Forwarding Rule
Impair Defenses: Disable or Modify Tools
Data Destruction
Account Access Removal
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Authentication and Authorization Management
Control ID: 8.2.2
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA – ICT Risk Management Framework
Control ID: Article 6
CISA ZTMM 2.0 – Require Strong Authentication Methods
Control ID: Identity - ID.MFA
NIS2 Directive – Incident Handling and Risk Management
Control ID: Article 21(2)(d)
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Computer Software/Engineering
Zero-click agentic browser attacks targeting automated AI systems pose critical risks to software development environments requiring enhanced egress security controls.
Financial Services
Browser-based attacks exploiting automated email processing threaten sensitive financial data requiring zero trust segmentation and encrypted traffic protection capabilities.
Legal Services
Automated document destruction via crafted emails threatens attorney-client privilege and case files, demanding robust threat detection and anomaly response systems.
Health Care / Life Sciences
Zero-click attacks targeting cloud storage automation risk HIPAA-protected patient data requiring multicloud visibility, control planes, and compliance-mapped security controls.
Sources
- Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails: https://thehackernews.com/2025/12/zero-click-agentic-browser-attack-can.html
- Zero-Click Vulnerability in Perplexity Comet Browser Allows Full Google Drive Deletion via Crafted Emails: https://www.rescana.com/post/zero-click-vulnerability-in-perplexity-comet-browser-allows-full-google-drive-deletion-via-crafted-e
- Perplexity's Comet browser naively processed pages with evil instructions: https://www.theregister.com/2025/08/20/perplexity_comet_browser_prompt_injection/
- Perplexity’s Comet AI Browser Can Be Hijacked Through Malicious Instructions: https://beebom.com/perplexity-comet-ai-browser-hijacked-through-malicious-instructions/
Cloud Native Security Fabric (CNSF) Mitigations and Controls
CNSF and Zero Trust network controls such as segmentation, egress policy enforcement, inline threat detection, and cloud-native visibility could have limited unauthorized lateral API actions, prevented automation-based data destruction, and alerted on anomalous access patterns stemming from the exploited browser session.
Control: Threat Detection & Anomaly Response
Mitigation: Anomalous browser-initiated cloud drive access would be detected and alerted.
Control: Zero Trust Segmentation
Mitigation: Unauthorized privilege upgrades via browser tokens could be blocked.
Control: East-West Traffic Security
Mitigation: Cross-service API movement and internal lateral flows would be constrained.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: Real-time inspection and distributed enforcement detect and restrict malicious control plane activity.
Control: Egress Security & Policy Enforcement
Mitigation: If exfiltration were attempted, outbound data to unsanctioned destinations would be stopped.
Rapid visibility would enable immediate remediation of destructive actions.
Impact at a Glance
Affected Business Functions
- Data Management
- Collaboration Tools
Estimated downtime: 3 days
Estimated loss: $500,000
Potential exposure includes unauthorized deletion of critical business documents stored in Google Drive, leading to operational disruptions and financial losses.
Recommended Actions
Key Takeaways & Next Steps
- Deploy Zero Trust Segmentation to tightly restrict agentic browser and SaaS automation access scopes.
- Enforce east-west API and service boundaries with identity-based microsegmentation to prevent lateral pivots between cloud services.
- Implement real-time anomaly detection and automated incident response to high-risk browser automation activities targeting cloud storage.
- Apply rigorous egress controls to block unauthorized outbound access and API calls from automated tools.
- Centralize visibility across multi-cloud and SaaS environments for prompt detection, investigation, and containment of automation-driven threats.