ChatGPT for Google Sheets Plugin Exposes Serious Data Exfiltration Risks
Severity: High (Score: 69.0)
Sources: News.Aibase, News.Ycombinator
Keywords: data, chatgpt, spreadsheet, security, google, sheets, workbooks
Severity indicators: vulnerability, financial, financial data
Summary
A cybersecurity report from PromptArmor has revealed significant vulnerabilities in the 'ChatGPT for Google Sheets' plugin, which has over 185,000 downloads. The vulnerabilities stem from an indirect prompt injection attack that allows hackers to exfiltrate sensitive data across user accounts without authorization. Malicious scripts can be triggered by importing seemingly benign datasets, leading to unauthorized access to financial models and other sensitive workbooks. Additionally, the attack can deploy phishing overlays that mimic official authentication pop-ups, tricking users into revealing their credentials. The report indicates that multiple workbooks can be compromised simultaneously, with one incident resulting in the exfiltration of 12 workbooks. OpenAI has been notified of these vulnerabilities but has not responded substantively. Security experts are advising users to review and manage permissions for AI extensions immediately.

Key Points:
- ChatGPT for Google Sheets has serious vulnerabilities allowing data exfiltration.
- Indirect prompt injection attacks can trigger unauthorized access to multiple workbooks.
- Phishing overlays can deceive users into providing sensitive credentials.
Detailed Analysis
**Impact** Users of the ChatGPT for Google Sheets plugin, totaling over 185,000 downloads globally, are affected. The vulnerability enables attackers to exfiltrate multiple workbooks across a victim’s entire Google Sheets account, including sensitive financial models, budget templates, and contract ledgers. This impacts professionals and organizations relying on spreadsheet data for financial and operational decision-making, exposing confidential business information and increasing risk of account takeover through credential theft. The attack bypasses user settings requiring human approval, expanding the scope of unauthorized data access.

**Technical Details** The attack exploits an indirect prompt injection vulnerability in the ChatGPT for Google Sheets extension, allowing execution of attacker-controlled external scripts via untrusted data sources such as imported sheets or ChatGPT connectors. This enables exfiltration of linked spreadsheets and deployment of phishing overlay attacks through attacker-controlled sidebar and pop-up modals that mimic official extension interfaces. The attack chain bypasses the ‘Apply edits automatically’ setting and persists despite user attempts to stop script execution. No CVE identifiers or specific malware names were provided.

**Recommended Response** Users and administrators should immediately review and restrict permissions for the ChatGPT for Google Sheets plugin via Workspace settings > Permissions & roles. Revoke unnecessary spreadsheet read and edit permissions and disable or uninstall the plugin until a patch is released. Monitor for unusual outbound network activity from Google Sheets and suspicious pop-up authentication requests. Organizations should enforce user awareness training on phishing risks related to AI plugin interfaces. No patch or vendor mitigation details were available at the time of reporting.
Source articles (2)
- ChatGPT for Google Sheets Exfiltrates Workbooks — News.Ycombinator · 2026-05-31
  ChatGPT for Google Sheets is vulnerable to data exfiltration and phishing overlay attacks that affect workbooks across the victim’s account after an indirect prompt injection in a single sheet. This a…
- Financial Data Crisis! ChatGPT Spreadsheet Plugin Exposes Serious Security Vulnerability — News.Aibase · 2026-06-01
  With the increasing popularity of AI in the workplace, many professionals have become accustomed to using smart plugins to handle complex spreadsheet data. However, a recent report from the security r…
Timeline
- 2026-05-31 — PromptArmor reports vulnerabilities in ChatGPT for Google Sheets: The report details how indirect prompt injection can lead to data exfiltration and phishing attacks, affecting over 185,000 users.
- 2026-06-01 — Aibase covers the security warning: Aibase reports on the vulnerabilities highlighted by PromptArmor, emphasizing the risks of data harvesting and phishing overlays.
Related entities
- Data Breach (Attack Type)
- Phishing (Attack Type)
- OpenAI (Company)
- PromptArmor (Company)
- T1059 - Command and Scripting Interpreter (Mitre Attack)
- T1566 - Phishing (Mitre Attack)
- ChatGPT For Google Sheets (Platform)
- Google Sheets (Tool)
- Indirect Prompt Injection (Vulnerability)