Chrome Gemini Flaw Lets Malicious Extensions Spy on You
▼ Summary
– A high-severity vulnerability (CVE-2026-0628) was found in Google Chrome’s Gemini AI feature, allowing malicious extensions to hijack the panel.
– This flaw could let attackers inject code to spy on users, steal data, access webcams, or conduct phishing through the compromised AI assistant.
– Google has patched the vulnerability in Chrome version 143.0.7499.192 and later, so users should update immediately to stay protected.
– The incident highlights broader security risks with new “agentic” AI browsers, which expand the attack surface and can be hijacked via methods like prompt injection.
– Experts warn that deploying such AI features requires treating them as high-risk infrastructure with strict security controls from the start.
A newly discovered security flaw in Google Chrome’s Gemini AI feature could allow malicious browser extensions to spy on users and steal sensitive data. This high-severity vulnerability highlights the emerging risks associated with integrating powerful AI assistants directly into web browsers. Security experts strongly advise all Chrome users to immediately update their browsers to the latest version to protect themselves from potential exploitation.
The vulnerability, officially tracked as CVE-2026-0628, stems from what researchers call “insufficient policy enforcement” within Chrome’s WebView component. Before the patch, this flaw enabled a malicious extension to inject scripts or HTML into a privileged browser page. An attacker could exploit this by tricking a user into installing a seemingly harmless extension. Once installed, that extension could hijack the Gemini AI panel.
The consequences of such a hijacking are severe. Since the Gemini assistant is designed to perform actions on a user’s behalf, a compromised panel could be forced to grant unauthorized access to system resources. This includes accessing webcams and microphones, capturing screenshots, reading local files, and navigating to phishing sites. The hijacked AI assistant could essentially act as a powerful tool for cybercriminals, performing actions that a standard browser extension would never normally be allowed to do.
The issue was privately reported to Google by researchers from Palo Alto Networks’ Unit 42 team in October. Google’s security team subsequently developed a fix, which was rolled out in Chrome version 143.0.7499.192 for Windows, macOS, and Linux. The simplest and most critical step for user safety is to ensure Chrome is updated. Users should accept update prompts as soon as they appear, typically in the top-right corner of the browser window. Regular updates not only deliver new features but are the primary defense against such security threats.
This incident underscores the broader security challenges posed by “agentic” AI browsers. These next-generation tools aim to automate tasks like form-filling, information gathering, and workflow management. However, granting these AI agents the authority to act on a user’s behalf significantly expands the potential attack surface. Beyond traditional software bugs, AI systems are uniquely vulnerable to prompt-injection attacks, where hidden instructions on a website can manipulate the AI into divulging data or performing malicious acts.
A recent study from MIT pointed to serious security gaps in the rapid development of such agentic AI, noting a lack of rigorous security testing. The fundamental question of how much trust to place in an AI with personal data remains unresolved. While the full potential of these AI browsers is still unfolding, so too are the associated risks. Security professionals argue that any organization deploying such technology must treat it as high-risk infrastructure from the start, implementing strict runtime monitoring, policy controls, and security guardrails. Balancing innovative functionality with robust security will be the defining challenge for the future of AI-assisted browsing.
(Source: ZDNET)
