Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Chrome’s Gemini Flaw Risks User Privacy with Remote Access

Chrome’s Gemini Flaw Risks User Privacy with Remote Access

Posted on March 2, 2026 By CWS

Chrome’s Gemini Vulnerability Exposes Users

A critical security issue has been identified in Google Chrome’s Gemini AI assistant, potentially allowing unauthorized access to users’ cameras and microphones. This vulnerability, known as CVE-2026-0628, was discovered by researchers at Palo Alto Networks’ Unit 42 and disclosed to Google on October 23, 2025. Google has since addressed the flaw with a patch released on January 5, 2026.

Understanding the Impact of Elevated Privileges

The Gemini assistant in Chrome is part of a new wave of AI-enhanced browsers, offering real-time webpage analysis and task automation. However, the assistant’s need for comprehensive screen access has led to elevated permissions, including access to local files and multimedia devices. This broad access, while enhancing functionality, significantly increases the potential attack surface.

The vulnerability was found in Chrome’s handling of the declarativeNetRequest API, a common tool for managing web requests and responses. Researchers discovered inconsistencies in how Chrome processed requests to the Gemini URL, allowing extensions to inject JavaScript code into the Gemini panel, thereby exploiting its high-level permissions.

Potential Risks and Exploits

Once an attacker hijacks the Gemini panel, they can activate the victim’s camera and microphone without consent, capture screenshots, and access local files. This capability also facilitates sophisticated phishing attacks, as the Gemini panel’s integration with the browser lends it an air of legitimacy, unlike standalone phishing sites.

Although extension-based attacks are typically considered low-risk, the integration of privileged AI panels changes the threat landscape. Malicious extensions can now exploit these elevated permissions, posing significant risks to both individual users and organizations.

Protective Measures and Recommendations

Google’s patch for this vulnerability was made available in early January 2026. Users are advised to update Chrome to the latest version to protect against potential exploits. Organizations should ensure that all systems are updated promptly to safeguard against unauthorized access and data breaches.

The rise in malicious extensions on browser web stores underscores the need for vigilance. Users should be cautious about installing extensions and regularly audit their browser settings. Ensuring robust security measures and keeping software up to date are essential steps in mitigating the risks associated with this vulnerability.

For ongoing cybersecurity updates, follow us on Google News, LinkedIn, and X, or contact us to share your stories.

Cyber Security News Tags:AI assistant, AI security, browser vulnerability, Chrome, CVE-2026-0628, Cybersecurity, Gemini, Google, phishing risk, privacy threat

Post navigation

Previous Post: Google Enhances Chrome Security with Quantum-Safe Certificates
Next Post: Chrome Security Flaw Allowed Extension Exploits

Related Posts

Microsoft Purview DLP to Restrict Microsoft 365 Copilot in Processing Emails With Sensitive Labels Microsoft Purview DLP to Restrict Microsoft 365 Copilot in Processing Emails With Sensitive Labels Cyber Security News
Critical ScreenConnect Flaw Puts Remote Sessions at Risk Critical ScreenConnect Flaw Puts Remote Sessions at Risk Cyber Security News
Fake Claude Campaign Utilizes PlugX-Like DLL Sideloading Fake Claude Campaign Utilizes PlugX-Like DLL Sideloading Cyber Security News
Gemini MCP Tool 0-day Vulnerability Allows Remote Attackers to Execute Arbitrary Code Gemini MCP Tool 0-day Vulnerability Allows Remote Attackers to Execute Arbitrary Code Cyber Security News
Critical Dell Software Update Causes System Crashes Critical Dell Software Update Causes System Crashes Cyber Security News
Hackers Can Compromise Chromium Browsers in Windows by Loading Arbitrary Extensions Hackers Can Compromise Chromium Browsers in Windows by Loading Arbitrary Extensions Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • AI Tool Revolutionizes Automated Penetration Testing
  • Critical WordPress Flaw Allows Code Execution
  • OpenSSL Vulnerability ‘HollowByte’ Poses Severe Threat
  • OpenSSL Vulnerability Causes Memory Freeze with Minimal Data
  • EY Faces Data Breach: IT System Compromised

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • AI Tool Revolutionizes Automated Penetration Testing
  • Critical WordPress Flaw Allows Code Execution
  • OpenSSL Vulnerability ‘HollowByte’ Poses Severe Threat
  • OpenSSL Vulnerability Causes Memory Freeze with Minimal Data
  • EY Faces Data Breach: IT System Compromised

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark