Critical Chrome Vulnerability Exposed: Malicious Extensions Could Exploit Gemini Panel
In a recent disclosure, cybersecurity experts have unveiled a significant security flaw in Google Chrome that, prior to its patching, could have allowed malicious extensions to escalate their privileges and access local files on users’ systems. This vulnerability, identified as CVE-2026-0628 with a CVSS score of 8.8, was attributed to insufficient policy enforcement within the WebView tag. Google addressed this issue in early January 2026 with the release of Chrome version 143.0.7499.192/.193 for Windows and Mac, and version 143.0.7499.192 for Linux.
The flaw was discovered by Gal Weizman, a researcher at Palo Alto Networks’ Unit 42, who reported it on November 23, 2025. Weizman highlighted that the vulnerability could have enabled malicious extensions, even those with minimal permissions, to take control of Chrome’s Gemini Live panel. This panel, introduced by Google in September 2025, is accessible via the Gemini icon at the top of the browser window and integrates artificial intelligence capabilities directly into the browsing experience.
Exploitation of this vulnerability could have led to severe consequences, including unauthorized access to users’ cameras and microphones, the ability to capture screenshots of any website, and access to local files without user consent. This incident underscores the potential risks associated with integrating AI and agentic functionalities directly into web browsers. While these features aim to enhance user experience by offering real-time content summarization, translation, and automated task execution, they also introduce new attack vectors.
The core issue lies in the necessity for these AI agents to have privileged access to the browsing environment to perform complex operations. This access becomes a double-edged sword when attackers embed hidden prompts within malicious web pages. Unsuspecting users, through social engineering tactics, could be directed to these pages, where the embedded prompts could instruct the AI assistant to perform actions typically restricted by the browser’s security protocols. Such actions could lead to data exfiltration or unauthorized code execution. Moreover, these malicious web pages could manipulate the AI agent to store these instructions in memory, causing them to persist across browsing sessions.
Beyond expanding the attack surface, the integration of AI side panels in browsers reintroduces classic security vulnerabilities. By embedding this new component within the browser’s high-privilege context, developers may inadvertently create logical flaws and implementation weaknesses. These could include vulnerabilities related to cross-site scripting (XSS), privilege escalation, and side-channel attacks, which could be exploited by less-privileged websites or browser extensions.
Traditionally, browser extensions operate based on a defined set of permissions. However, the successful exploitation of CVE-2026-0628 undermines this security model, allowing attackers to execute arbitrary code within the gemini.google[.]com/app context via the browser panel and gain access to sensitive user data.
Weizman noted that an extension with access to a basic permission set through the declarativeNetRequest API could have enabled an attacker to inject JavaScript code into the Gemini panel. This revelation highlights the importance of rigorous security assessments and the need for continuous vigilance as browsers evolve to incorporate advanced features.
In response to this discovery, Google has promptly patched the vulnerability, emphasizing the company’s commitment to user security. Users are strongly advised to update their Chrome browsers to the latest version to ensure they are protected against potential exploits targeting this flaw.
This incident serves as a stark reminder of the delicate balance between innovation and security. As browsers integrate more sophisticated features to enhance user experience, it is imperative to remain vigilant and proactive in identifying and mitigating potential security risks.
