Chrome AI panel became privilege escalator for extensions
A high-severity Chrome vulnerability allowed malicious extensions to hijack the Gemini Live AI panel and gain unauthorized access to system resources like cameras, microphones, and local files.
New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel
A patched Chrome vulnerability (CVE-2026-0628) allowed malicious extensions to escalate privileges and access local files, camera, microphone, and screenshots through insufficient WebView policy enforcement.
Vulnerability Allowed Hijacking Chrome's Gemini Live AI Assistant
A Chrome vulnerability allowed malicious extensions to hijack Gemini Live AI assistant and access sensitive user data through privileged browser access.
This high-severity Chrome Gemini vulnerability lets malicious extensions spy on your PC
A high-severity vulnerability in Chrome's Gemini feature allows malicious extensions to inject code, enabling attackers to spy on users, steal data, access webcams and microphones, and conduct phishing attacks.