Chrome AI panel became privilege escalator for extensions
Briefly

"Since the Gemini app relies on performing actions for legitimate purposes, hijacking the Gemini panel allows privileged access to system resources that an extension would not normally have. In effect, a malicious extension could have turned on a webcam or microphone, sifted through local files, taken screenshots, or slipped phishing messages into what appears to be a legitimate Gemini panel."
"The flaw, tracked as CVE-2026-0628, was uncovered by researchers at Palo Alto Networks' Unit 42 who found that rogue Chrome extensions could manipulate how the browser handled requests to the embedded Gemini Live side panel. By exploiting the way Chrome handles extension network rules, a malicious add-on with fairly standard permissions could intercept and tamper with traffic headed for the Gemini panel."
Palo Alto Networks' Unit 42 discovered CVE-2026-0628, a critical flaw in Google Chrome that enabled rogue extensions to manipulate the browser's handling of Gemini Live requests. By exploiting Chrome's extension network rules, malicious add-ons with standard permissions could intercept traffic to the Gemini panel and inject malicious JavaScript. Gemini Live's deep browser integration grants access to screenshots, local files, cameras, and microphones. Compromised extensions could inherit these elevated privileges, enabling unauthorized surveillance, file access, and phishing attacks. Google patched the vulnerability in January through Chrome versions 143.0.7499.192 and 143.0.7499.193, closing the security gap before public disclosure.
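A defender-side check that follows from the summary above, added here as an example (it is not code from The Register, Google or Unit 42): it tests whether a Chrome build is at or above the patched versions the article names, and it flags installed extensions whose manifests ask for Chrome's network-rule APIs together with broad host access. Treating the article's "extension network rules" as the `declarativeNetRequest` / `webRequest` permission family is an assumption; the sample manifests at the bottom are constructed for an offline run.

```python
"""Audit helpers for the CVE-2026-0628 brief (added example, not from the article).

1. is_patched(): compare a Chrome version string against the patched builds.
2. audit_manifest(): flag extensions that can rewrite or observe network traffic.
"""
import json
from pathlib import Path

# Patched builds as stated in the article.
PATCHED_VERSIONS = ("143.0.7499.192", "143.0.7499.193")

# Permissions that let an extension rewrite or observe requests.
# Assumption: these are the "extension network rules" the article refers to.
NETWORK_RULE_PERMISSIONS = {
    "declarativeNetRequest",
    "declarativeNetRequestWithHostAccess",
    "declarativeNetRequestFeedback",
    "webRequest",
    "webRequestBlocking",
}

# Host patterns that cover every site, including any browser-embedded panel.
BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def parse_version(version: str) -> tuple:
    """'143.0.7499.192' -> (143, 0, 7499, 192) so tuples compare numerically."""
    return tuple(int(part) for part in version.strip().split("."))


def is_patched(version: str) -> bool:
    """True when the build is at or above the lowest patched version."""
    floor = min(parse_version(v) for v in PATCHED_VERSIONS)
    return parse_version(version) >= floor


def audit_manifest(manifest: dict) -> list:
    """Return human-readable findings for one extension manifest (empty = clean)."""
    findings = []
    declared = set(manifest.get("permissions", [])) | set(manifest.get("optional_permissions", []))
    hits = sorted(declared & NETWORK_RULE_PERMISSIONS)
    if hits:
        findings.append("network-rule API: " + ", ".join(hits))
    # MV3 keeps host patterns in host_permissions; MV2 mixed them into permissions.
    hosts = set(manifest.get("host_permissions", []))
    hosts |= {p for p in declared if "://" in p or p == "<all_urls>"}
    broad = sorted(hosts & BROAD_HOST_PATTERNS)
    if broad:
        findings.append("broad host access: " + ", ".join(broad))
    return findings


def audit_extension_dir(root: str) -> dict:
    """Walk a Chrome profile's Extensions/<id>/<version>/manifest.json layout."""
    report = {}
    for manifest_path in Path(root).glob("*/*/manifest.json"):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or non-JSON manifest: skip, do not crash the audit
        findings = audit_manifest(manifest)
        if findings:
            report[manifest_path.parent.parent.name] = findings
    return report


# Constructed sample manifests (not real extensions) for an offline demonstration.
SAMPLE_MANIFESTS = {
    "benign-notes": {"manifest_version": 3, "permissions": ["storage"]},
    "traffic-rewriter": {
        "manifest_version": 3,
        "permissions": ["declarativeNetRequestWithHostAccess", "storage"],
        "host_permissions": ["<all_urls>"],
    },
}


def audit_samples() -> dict:
    """Run audit_manifest over the constructed samples; keep only flagged ones."""
    return {name: audit_manifest(m) for name, m in SAMPLE_MANIFESTS.items() if audit_manifest(m)}


if __name__ == "__main__":
    for v in ("143.0.7499.191", "143.0.7499.192", "144.0.0.1"):
        print(v, "patched" if is_patched(v) else "NOT patched")
    for name, findings in audit_samples().items():
        print(name, "->", "; ".join(findings))
```

A flagged extension is not proof of abuse: ad blockers and privacy tools legitimately use these permissions. The value of the check is the shortlist it gives a triager of extensions that are capable of the interception the article describes, combined with a plain yes/no on whether the browser build still needs the January update.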
Read at The Register