Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails - The Hacker News

A new zero-click agentic browser attack exploits the excessive agency of LLM-powered assistants, allowing specially crafted emails to trick the browser agent into executing destructive commands. This "Google Drive Wiper" technique leverages granted OAuth access to delete an entire user's Google Drive contents without requiring user confirmation.