Critical security fixes issued for NVIDIA's ChatRTX AI Chatbot, so make sure you update

'Escalation of privileges, information disclosure, and data tampering.' A couple of major security flaws in NVIDIA's ChatRTX AI chatbot discovered.

Published
Updated
1 minute & 16 seconds read time

NVIDIA recently launched the beta for its AI-powered ChatRTX app, a generative AI chatbot that runs locally on GeForce RTX 30 and RTX 40 Series hardware with at least 8GB of VRAM. With ChatRTX, being able to run AI locally versus in the cloud is a smart move, as Tensor-RT LLM optimizations and GPU AI acceleration are a big part of NVIDIA's entire lineup.

If you're an early adopter of ChatRTX, you should probably update to the latest March 2024 build. The UI contained a couple of 'Medium' and 'High' severity security vulnerabilities. According to the security bulletin, the more dangerous of the two (given an 8.2 rating) lets potential attackers gain access to system files. This exploit could lead to an "escalation of privileges, information disclosure, and data tampering."

The second security vulnerability, rated 6.5) doesn't sound much better. The exploit allows attackers to run "malicious scripts in users' browsers," which can cause denial of service, information disclosure, and even code execution.

The good news is that the latest version of ChatRTX with the new security updates is available to download via NVIDIA.com. NVIDIA credits those who pointed out these exploits in its update, and there's no evidence of them being used to date. However, there's no denying that these vulnerabilities were pretty alarming - and could point to a whole new industry surrounding generative AI security.

Still, this whole issue makes the 'Your private data stays on your PC' claim, as seen in NVIDIA's ChatRTX promo video, ring a little hollow.

Buy at Amazon

ASUS TUF Gaming NVIDIA GeForce RTX 4080 Super OC Edition Gaming Graphics Card

TodayYesterday7 days ago30 days ago
Buy at Newegg
$1139.99$1428.90-
$1099.99$1201.99-
* Prices last scanned on 4/23/2024 at 9:14 am CDT - prices may not be accurate, click links above for the latest price. We may earn an affiliate commission.

Kosta is a veteran gaming journalist that cut his teeth on well-respected Aussie publications like PC PowerPlay and HYPER back when articles were printed on paper. A lifelong gamer since the 8-bit Nintendo era, it was the CD-ROM-powered 90s that cemented his love for all things games and technology. From point-and-click adventure games to RTS games with full-motion video cut-scenes and FPS titles referred to as Doom clones. Genres he still loves to this day. Kosta is also a musician, releasing dreamy electronic jams under the name Kbit.

Newsletter Subscription

Related Tags