Chrome’s Gemini Vulnerability Exposes Users
A critical security issue has been identified in Google Chrome’s Gemini AI assistant, potentially allowing unauthorized access to users’ cameras and microphones. This vulnerability, known as CVE-2026-0628, was discovered by researchers at Palo Alto Networks’ Unit 42 and disclosed to Google on October 23, 2025. Google has since addressed the flaw with a patch released on January 5, 2026.
Understanding the Impact of Elevated Privileges
The Gemini assistant in Chrome is part of a new wave of AI-enhanced browsers, offering real-time webpage analysis and task automation. However, the assistant’s need for comprehensive screen access has led to elevated permissions, including access to local files and multimedia devices. This broad access, while enhancing functionality, significantly increases the potential attack surface.
The vulnerability was found in Chrome’s handling of the declarativeNetRequest API, a common tool for managing web requests and responses. Researchers discovered inconsistencies in how Chrome processed requests to the Gemini URL, allowing extensions to inject JavaScript code into the Gemini panel, thereby exploiting its high-level permissions.
Potential Risks and Exploits
Once an attacker hijacks the Gemini panel, they can activate the victim’s camera and microphone without consent, capture screenshots, and access local files. This capability also facilitates sophisticated phishing attacks, as the Gemini panel’s integration with the browser lends it an air of legitimacy, unlike standalone phishing sites.
Although extension-based attacks are typically considered low-risk, the integration of privileged AI panels changes the threat landscape. Malicious extensions can now exploit these elevated permissions, posing significant risks to both individual users and organizations.
Protective Measures and Recommendations
Google’s patch for this vulnerability was made available in early January 2026. Users are advised to update Chrome to the latest version to protect against potential exploits. Organizations should ensure that all systems are updated promptly to safeguard against unauthorized access and data breaches.
The rise in malicious extensions on browser web stores underscores the need for vigilance. Users should be cautious about installing extensions and regularly audit their browser settings. Ensuring robust security measures and keeping software up to date are essential steps in mitigating the risks associated with this vulnerability.
For ongoing cybersecurity updates, follow us on Google News, LinkedIn, and X, or contact us to share your stories.
