Thursday, March 12, 2026

Palo Alto Networks’ Unit 42 Identifies Vulnerability in Google Chrome’s Gemini AI Panel

Unit 42 has uncovered and disclosed a critical vulnerability, CVE-2026-0628, affecting “Gemini Live in Chrome,” Google’s AI-driven side panel. The issue is a privilege escalation: malicious Chrome extensions can exploit the Gemini app’s higher-privilege environment. Researchers found that these extensions could manipulate how Gemini loads within the side panel, allowing attacker-controlled payloads to execute in a context with more capabilities than the extension itself. Specifically, the vulnerability enables attackers to access local files, capture screenshots, activate camera and microphone features, and carry out phishing attacks without additional user interaction. Palo Alto Networks informed Google on October 23, 2025, leading to a fix released in January 2026. The findings emphasize the need for strict isolation between extension content and privileged AI surfaces to maintain browser security. As AI integrates deeper into browsers, robust security controls become increasingly vital to mitigate risks and protect user privacy.
