NVIDIA recently launched the beta for its AI-powered ChatRTX app, a generative AI chatbot that runs locally on GeForce RTX 30 and RTX 40 Series hardware with at least 8GB of VRAM. With ChatRTX, being able to run AI locally versus in the cloud is a smart move, as Tensor-RT LLM optimizations and GPU AI acceleration are a big part of NVIDIA’s entire lineup.
If you’re an early adopter of ChatRTX, you should probably update to the latest March 2024 build. The UI contained a couple of ‘Medium’ and ‘High’ severity security vulnerabilities. According to the security bulletin, the more dangerous of the two (given an 8.2 rating) lets potential attackers gain access to system files. This exploit could lead to an “escalation of privileges, information disclosure, and data tampering.”
The second security vulnerability, rated 6.5) doesn’t sound much better. The exploit allows attackers to run “malicious scripts in users’ browsers,” which can cause denial of service, information disclosure, and even code execution.
The good news is that the latest version of ChatRTX with the new security updates is available to download via NVIDIA.com. NVIDIA credits those who pointed out these exploits in its update, and there’s no evidence of them being used to date. However, there’s no denying that these vulnerabilities were pretty alarming – and could point to a whole new industry surrounding generative AI security.
Still, this whole issue makes the ‘Your private data stays on your PC’ claim, as seen in NVIDIA’s ChatRTX promo video, ring a little hollow.
This post was originally published on 3rd party site mentioned in the title of this site
