Nvidia’s ChatRTX AI chatbot, previously known asChat with RTX, has been revealed to have been vulnerable tosevere security vulnerabilities in ChatRTX 0.2 and all priorversions. Fortunately, the latest iteration of ChatRTX 0.2, obtainable from Nvidia’s direct download page, addresses these issues immediately.ChatRTXis Nvidia’s ChatGPT-style software that uses retrieval augmented generation (RAG) in tandem with Nvidia’s Tensort-RT LLM software and RTX acceleration to let users train a chatbot on heir own personal data.
The specific vulnerabilities are identified by the industry standard CWE (Common Weakness Enumeration) system as cross-site scripting attacks (CWE-79) and improper privilege management attacks (CWE-269). Both are UI vulnerabilities that allow attackers access they shouldn’t have, with CWE-79 corresponding to code execution, denial of service, and potential denial of service attacks. Meanwhile, CWE-269 corresponds to privilege escalation, information disclosure, and data tampering attacks.
Remote code executionis infamous as one of the most dangerous vulnerabilities for a piece of hardware or software since it allows attackers to run pretty much anything they like on your system (keyloggers, trackers, etc). This corresponds to the CWE-79 vulnerability addressed, though it’s for browser scripting specifically.
Another pressing form of cyberattack displayed by the CWE-269 vulnerability is “privilege escalation,” which involves an attacker essentially giving themselves administrative privileges over your system and its files. This is obviously quite dangerous by itself, but the danger only compounds with the CWE-79 vulnerability present.
Fortunately, it seems that Nvidia was quick to address this issue as soon as it became aware of it, and there are no reports of these exploits actually being used so far. Knowing that some cutting-edge AI software had such severesecurityvulnerabilities attached is justifiably nerve-wracking, considering its personalized nature would naturally result in exploits sharing personal data.
With any luck, all impacted users will have applied this latest Nvidia ChatRTX update before these vulnerabilities can impact them. The software remains as a beta version for now, with no timeline for the release candidate.
Get Tom’s Hardware’s best news and in-depth reviews, straight to your inbox.
Christopher Harper has been a successful freelance tech writer specializing in PC hardware and gaming since 2015, and ghostwrote for various B2B clients in High School before that. Outside of work, Christopher is best known to friends and rivals as an active competitive player in various eSports (particularly fighting games and arena shooters) and a purveyor of music ranging from Jimi Hendrix to Killer Mike to the Sonic Adventure 2 soundtrack.
