Researchers have identified a critical vulnerability, tracked as CVE-2026-0628, in Google Chrome’s Gemini feature, which poses significant risks for users. This flaw allows malicious browser extensions to inject scripts and gain unauthorized access to sensitive data, including webcams, microphones, and files. If exploited, cybercriminals can hijack the Gemini assistant to perform surveillance or conduct phishing attacks. Google has addressed this issue in versions 143.0.7499.192/.193. Users are advised to update their browsers immediately to mitigate risks and enhance security performance. The rise of agentic AI in browsers introduces new cybersecurity challenges, highlighting the need for careful management of such tools. Concerns include potential prompt-injection attacks and trust issues regarding personal data security. Expert Anupam Upadhyaya emphasizes that while innovation is valuable, it should not jeopardize security. Organizations deploying these technologies must implement stringent security protocols from the start to prevent data breaches and cyber threats.
Source link
Share
Read more