According to the latest research by ARIMLABS[.]AI, a critical security vulnerability (CVE-2025-47241) has been discovered in the widely used Browser Use framework — a dependency leveraged by more than 1,500 AI projects.

The issue enables zero-click agent hijacking, meaning an attacker can take control of an LLM-powered browsing agent simply by getting it to visit a malicious page — no user interaction required.

This raises serious concerns about the current state of security in autonomous AI agents, especially those that interact with the web.

Here's the issue on the github advisory database with an example

https://github.com/advisories/GHSA-x39x-9qw5-ghrf

> The core issue stems from the line domain = domain.split(':')[0], which allows an attacker to manipulate basic authentication credentials by providing a username:password pair. By replacing the username with a whitelisted domain, the check can be bypassed, even though the actual domain remains different.

So consider https://example.com:pass@google.com

This URL goes to google.com (paste it in your browser to see), but the library will consider this a URL that goes to example.com, which it doesn't.