Technical description
Summarize prior to version 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension's automation feature is enabled. Attackers can influence the agent through malicious page content or summary content to invoke browser automation actions on the user's behalf without explicit consent.
Attack vector
When a user visits a webpage or views AI-generated summary content containing attacker-controlled text, the Summarize agent can be manipulated to trigger browser automation actions (such as navigation, form submission, or element interaction) without requiring per-action user approval. This is an indirect prompt injection attack vector where the agent's tool-use capability is hijacked by content that appears benign but contains instructions or context that trigger unintended automation.
Affected systems
Summarize browser extension versions prior to 0.15.1. Summarize is a browser extension that uses AI agents to summarize web content and optionally automate browser interactions. The vulnerability affects users who have enabled the browser automation feature.
Mitigation
Upgrade to Summarize version 0.15.1 or later, which adds per-action user authorization prompts for browser automation invocations. Users unable to upgrade should disable the browser automation feature in Summarize settings. For developers building similar agentic browser extensions, this CVE illustrates the need for per-action authorization gates on tool invocations, especially when the agent processes untrusted external content.
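The per-action authorization gate described above, as an added example that is not Summarize's own code: a small dispatcher sits between the agent's proposed tool calls and the browser automation executors, and every state-changing call gets its own fresh user decision that is never cached, with prompt failures and disabled automation both failing closed. The tool names, executors, the `ToolGate` class, the `confirm` callback and the plan and provenance values are all constructed for this example.

```javascript
// Added example (not Summarize's code): a per-action authorization gate between an
// AI agent's proposed tool calls and the browser automation executors.

// Tools that change browser state and therefore need explicit per-call consent.
const SIDE_EFFECT_TOOLS = new Set(["navigate", "click", "fill_form", "submit_form"]);

// Constructed executors standing in for real content-script actions; they only
// record what ran so the gate's behaviour can be inspected.
function makeExecutors(trace) {
  return {
    read_page: (args) => { trace.push(`read_page ${args.selector}`); return "text"; },
    navigate: (args) => { trace.push(`navigate ${args.url}`); return true; },
    click: (args) => { trace.push(`click ${args.selector}`); return true; },
    fill_form: (args) => { trace.push(`fill_form ${args.selector}`); return true; },
    submit_form: (args) => { trace.push(`submit_form ${args.selector}`); return true; },
  };
}

class ToolGate {
  // automationEnabled: the extension's automation setting.
  // confirm: function(request) -> boolean, the per-call user prompt. It is
  // synchronous here to keep the example short; an extension popup would be
  // awaited and the same logic applies.
  constructor({ automationEnabled, confirm, executors }) {
    this.automationEnabled = automationEnabled;
    this.confirm = confirm;
    this.executors = executors;
    this.audit = []; // one entry per attempted call, for later review
  }

  run(call, provenance) {
    const entry = { tool: call.tool, provenance, decision: null };
    this.audit.push(entry);
    const exec = this.executors[call.tool];
    if (typeof exec !== "function") {
      entry.decision = "rejected:unknown_tool";
      return { status: "rejected", reason: "unknown tool" };
    }
    if (SIDE_EFFECT_TOOLS.has(call.tool)) {
      if (!this.automationEnabled) {
        entry.decision = "rejected:automation_disabled";
        return { status: "rejected", reason: "automation disabled" };
      }
      let approved = false;
      try {
        // A fresh decision for every call: the user sees the exact tool, its
        // arguments and where the request originated (agent reading page content).
        approved = this.confirm({ tool: call.tool, args: call.args, provenance }) === true;
      } catch (e) {
        approved = false; // a failed or dismissed prompt fails closed
      }
      if (!approved) {
        entry.decision = "denied";
        return { status: "denied" };
      }
    }
    entry.decision = "executed";
    return { status: "executed", result: exec(call.args) };
  }
}

// Run a whole plan the agent produced; each call is gated independently, so an
// approval for one step never carries over to the next.
function runPlan(gate, plan, provenance) {
  return plan.map((call) => gate.run(call, provenance).status);
}

// Constructed sample: the plan an agent emitted after summarising an untrusted
// page. The gate treats a legitimate plan and an injected one identically.
const CONSTRUCTED_PLAN = [
  { tool: "read_page", args: { selector: "article" } },
  { tool: "navigate", args: { url: "https://example.invalid/next" } },
  { tool: "fill_form", args: { selector: "#f" } },
  { tool: "submit_form", args: { selector: "#f" } },
];
const CONSTRUCTED_PROVENANCE = { source: "page_content", origin: "https://example.invalid/article" };

function demo() {
  const trace = [];
  let prompts = 0;
  // A user who approves only the navigation and refuses the form actions.
  const confirm = (req) => { prompts++; return req.tool === "navigate"; };
  const gate = new ToolGate({ automationEnabled: true, confirm, executors: makeExecutors(trace) });
  const statuses = runPlan(gate, CONSTRUCTED_PLAN, CONSTRUCTED_PROVENANCE);
  return { statuses, trace, prompts, audit: gate.audit };
}
```

In `demo()` the read-only `read_page` call runs without a prompt, each of the three state-changing calls raises its own prompt, and only the approved navigation reaches an executor; the audit log keeps the provenance of every attempt, which is the record a defender would want when checking whether page content drove an automation request.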