Active exploit found in ComfyUI extension/node “LLMVISION”

https://old.reddit.com/r/comfyui/comments/1dbls5n/psa_if_youve_used_the_comfyui_llmvision_node_from/

While I’ve not messed with this stuff myself, apparently “nodes” are just arbitrary code run on your computer, and as such can contain exploits, in this case a typical “discord stealer” script, which grabs whatever user data it can (including browser profiles) and sends it off to a discord.

So be careful what you run. Since it’s 2024 and unless you take special steps yourself, your security model is still:

4 Likes

Honestly, VM for normal browsing and SBC in the corner for money-doings, etc. is a must-have.

1 Like