Chrome AI Panel Became Privilege Escalator for Extensions

Chrome AI panel became privilege escalator for extensions

: High-severity flaw let malicious add-ons access system via browser's embedded AI feature

This high-severity Chrome Gemini vulnerability lets malicious extensions spy on your PC

A bug in Google Chrome's Gemini AI feature could expose your data or allow attackers to monitor you. Here's how to stay protected.

How did Chrome’s Gemini panel let extensions escalate privileges?

An embedded AI panel opened a path for malicious add‑ons Security researchers disclosed a high‑severity flaw in Google Chrome’s bundled Gemini AI panel that allowed extensions to gain far broader access than their declared permissions. The embedded AI feature runs within the browser chrome and,…

Chrome security flaw enabled spying via Gemini Live assistant

A Google Chrome vulnerability lets malicious extensions hijack Gemini Live to spy on users and steal sensitive files. Researchers at Palo Alto Networks found a Chrome vulnerability, tracked as CVE-2026-0628, that could let malicious extensions take control of the Gemini Live AI assistant. By abusing the flaw, attackers could spy on users and exfiltrate sensitive […] This article has been indexed from Security Affairs Read the original article:…

New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel

Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system. The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8.8), has been described as a case of insufficient policy enforcement in the WebView tag. It was patched by Google in early January 2026