THREATOPS
THREAT OPSThreat News › Computer-Use and TOCTOU: What You Click Is Not What You Get!

Computer-Use and TOCTOU: What You Click Is Not What You Get!

medembracetheredPublished 2026-06-25

<p>Last year, Jun Kokatsu disclosed an <a href="https://github.com/google/security-research/security/advisories/GHSA-mp56-7vrw-qxvf">interesting vulnerability</a> with ChatGPT Operator by exploiting a race condition. I was wondering if I could reproduce this attack chain, and this post describes the results of that research.</p> <p>I had this post drafted for months, and yesterday at the <a href="

Indicators of compromise

Original source: https://embracethered.com/blog/posts/2026/toctou-agent-what-you-click-is-not-what-you-get/