Security Vulnerability CVE-2026-0628 in Google Chrome Gemini Feature
A significant security vulnerability, CVE-2026-0628, was identified in Google’s Gemini feature within Chrome, allowing attackers to exploit browser environments and access local files. This flaw enabled malicious extensions with minimal permissions to hijack the Gemini Live panel, facilitating unauthorized actions, such as activating the camera and microphone, taking screenshots, and accessing local directories.
Palo Alto Networks reported this vulnerability to Google, which issued a fix in early January 2026. Their Prisma Browser service protects users from such extension-based attacks. With the rise of AI browsers, new security risks emerge, allowing potential data exfiltration and bypassing security protocols.
To safeguard against these threats, Palo Alto Networks offers Advanced Web Protection and Advanced URL Filtering. Their dedicated security team actively monitors and mitigates emerging threats, ensuring customer safety. Users seeking assistance should contact Unit 42 Incident Response for urgent matters.
