Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails

Researchers from Straiker STAR Labs discovered a zero-click agentic browser attack targeting Perplexity's Comet browser. The attack uses crafted emails to perform destructive actions without user interaction, capable of completely wiping a user's Google Drive contents. The technique exploits the browser's integration with services like Gmail and Google Drive, leveraging automated task capabilities to perform unauthorized actions. This represents a new class of attack vector that combines email-based delivery with automated browser agents to achieve zero-click exploitation.