Researchers at Palo Alto Networks’ Unit 42 uncovered a significant security vulnerability in Google Chrome, identified as CVE-2026-0628, which allowed malicious extensions to hijack the Gemini Live AI panel. This flaw enabled rogue extensions to manipulate how Chrome managed requests, granting unauthorized access to system resources. Specifically, these extensions could intercept and alter traffic directed to the Gemini panel, thereby embedding their own scripts, which could lead to serious privacy breaches, including activating webcams and microphones and accessing local files. Google addressed the vulnerability with patches in Chrome versions 143.0.7499.192 and 143.0.7499.193. Despite this fix, the incident underscores the risks associated with integrating AI features into web browsers, raising concerns among cybersecurity experts, especially following recent warnings from Gartner. This situation highlights the dangers of granting extensive privileges to software, as doing so can expose sensitive information to malicious actors.
