Middle East Business

Chrome Vulnerability Allowed Extensions to Hijack Gemini Panel

A high-severity security vulnerability, identified as CVE-2026-0628, was discovered in Google Chrome’s implementation of its Gemini feature, exposing users to potential data compromise and system-level access. The flaw allowed malicious browser extensions, even those with minimal permissions, to exploit the browser environment and interact with sensitive local resources, potentially enabling unauthorized actions without user consent, according to a report by Unit 42 at Palo Alto Networks.

The research revealed that attackers could have hijacked the Gemini Live panel within Chrome, effectively escalating privileges and gaining access to critical user resources. This included the ability to activate the victim’s camera and microphone, capture screenshots of active websites, and access local files and directories.

Unit 42 disclosed the vulnerability responsibly to Google and supported remediation efforts. A security patch was released in early January, ahead of the public disclosure of the issue.

AI Browsers: A New Wave of Productivity

The emergence of “agentic browsers” or AI-powered browsers marks a significant shift in how users interact with the web. Platforms such as Atlas, Comet, Microsoft Edge with Copilot, and Chrome with Gemini integrate AI assistants directly into the browsing experience.

These assistants typically operate through a side panel capable of real-time content summarization, automated task execution, and contextual support based on the active webpage. By granting AI direct and privileged access to the browser environment, these tools can perform complex, multi-step operations that previously required multiple extensions or manual input.

To function effectively, these AI systems rely on a “multimodal” perspective—essentially viewing and interpreting the same on-screen content as the user. They also depend on webpage context to understand instructions and execute tasks dynamically.

Fusing AI Into the Browser: Security Hazards

However, this advanced functionality introduces a significantly expanded attack surface. The integration of AI into the browser core creates a dual-layered security challenge.

First, the AI assistant itself becomes a potential attack vector. Malicious webpages can exploit prompt injection techniques to manipulate the AI into executing actions that would typically be blocked by traditional browser security mechanisms. These actions may include:

  • Data exfiltration
  • Bypassing the same-origin policy (SOP)
  • Triggering privileged browser functions

In this scenario, the AI acts as an intermediary with overly broad access, effectively weakening existing security boundaries.

Second, embedding a complex AI component within a high-privilege browser context reintroduces traditional security risks. These include vulnerabilities such as cross-site scripting (XSS), privilege escalation, and side-channel attacks. Such weaknesses can be exploited by low-privileged websites or malicious extensions—precisely the vector highlighted in this case.

As AI-powered browsers continue to evolve, ensuring robust security frameworks will be critical to balancing innovation with user protection.
