🟠 High | Source: The Hacker News
A flaw in Google’s Dialogflow CX allowed an attacker with edit access to one chatbot agent to compromise other agents within the same Google Cloud project that had Code Blocks enabled. Exploitation could enable attackers to intercept live conversations, exfiltrate user-submitted data, and inject malicious messages — including fake password prompts. The vulnerability was discovered by Varonis and has since been patched by Google.
Security Architect’s Take: Audit who holds edit-level permissions on Dialogflow CX agents in your GCP projects and apply the principle of least privilege immediately. Treat agent edit rights as high-privilege access, particularly in projects where Code Blocks are enabled, and review any integrations that handle sensitive user input.
Original advisory: Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots