Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Chrome Security Flaw Allowed Extension Exploits

Chrome Security Flaw Allowed Extension Exploits

Posted on March 2, 2026 By CWS

Details have emerged about a critical security vulnerability in Google Chrome, potentially enabling attackers to escalate privileges and access local files. This flaw, identified as CVE-2026-0628 with a CVSS score of 8.8, has been fixed by Google in January 2026, affecting Chrome versions up to 143.0.7499.192/.193 for Windows/Mac and 143.0.7499.192 for Linux.

Vulnerability in the WebView Tag

The vulnerability stemmed from inadequate policy enforcement in Chrome’s WebView tag, as noted by the National Institute of Standards and Technology (NIST). Attackers could exploit this weakness by persuading users to install malicious extensions, allowing them to inject scripts or HTML into privileged pages.

Researcher Gal Weizman from Palo Alto Networks Unit 42 discovered and reported the flaw in late November 2025. This issue allowed extensions with basic permissions to control Chrome’s Gemini Live panel, introduced in September 2025.

Potential Risks and Exploits

The exploitation of this vulnerability could enable attackers to gain unauthorized access to a user’s camera and microphone, capture screenshots, and access local files without consent. This highlights a new threat vector as AI and agentic capabilities become integrated into web browsers, potentially enabling such abuses.

AI assistants in browsers require privileged access to perform complex tasks, posing risks if attackers embed hidden prompts in malicious web pages. Users could be tricked into accessing these pages, leading to data theft or unauthorized code execution.

Broader Implications for Browser Security

The inclusion of AI features in browsers revives traditional security risks, such as cross-site scripting and privilege escalation. Extensions operating under the declarativeNetRequest API could potentially exploit this flaw by injecting JavaScript into the Gemini panel, enabling unauthorized actions.

Weizman emphasized that while extensions can influence websites, influencing built-in browser components poses a significant security threat. This distinction underscores the necessity for robust security measures as browsers evolve to incorporate advanced functionalities.

In summary, this security flaw in Chrome underlines the importance of rigorous cybersecurity practices and continuous monitoring as browsers integrate more sophisticated technologies.

The Hacker News Tags:AI, browser security, Chrome, Cybersecurity, Gemini panel, malicious extensions, privilege escalation, Security, Vulnerability, WebView

Post navigation

Previous Post: Chrome’s Gemini Flaw Risks User Privacy with Remote Access
Next Post: US-Israel Cyber Operations Intensify Amid Iran Tensions

Related Posts

CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution The Hacker News
New Android Malware Uses AI for Persistent Threats New Android Malware Uses AI for Persistent Threats The Hacker News
TamperedChef Malware Disguised as Fake PDF Editors Steals Credentials and Cookies TamperedChef Malware Disguised as Fake PDF Editors Steals Credentials and Cookies The Hacker News
OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws The Hacker News
Protect AI Agents from Legacy Infrastructure Surprises Protect AI Agents from Legacy Infrastructure Surprises The Hacker News
Five U.S. Citizens Plead Guilty to Helping North Korean IT Workers Infiltrate 136 Companies Five U.S. Citizens Plead Guilty to Helping North Korean IT Workers Infiltrate 136 Companies The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • AI Tool Revolutionizes Automated Penetration Testing
  • Critical WordPress Flaw Allows Code Execution
  • OpenSSL Vulnerability ‘HollowByte’ Poses Severe Threat
  • OpenSSL Vulnerability Causes Memory Freeze with Minimal Data
  • EY Faces Data Breach: IT System Compromised

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • AI Tool Revolutionizes Automated Penetration Testing
  • Critical WordPress Flaw Allows Code Execution
  • OpenSSL Vulnerability ‘HollowByte’ Poses Severe Threat
  • OpenSSL Vulnerability Causes Memory Freeze with Minimal Data
  • EY Faces Data Breach: IT System Compromised

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark