Google Chrome's integration of AI capabilities through the Gemini panel has introduced a critical attack surface that security teams need to address immediately. CVE-2026-0628 (CVSS 8.8) — an insufficient policy enforcement flaw in Chrome's WebView tag — allowed malicious browser extensions to inject scripts into the privileged Gemini Live panel, escalating from a simple extension to full system-level access.
What Happened
Discovered by Gal Weizman of Palo Alto Networks Unit 42 in November 2025, the vulnerability affects Chrome versions prior to 143.0.7499.192 on Linux and 143.0.7499.193 on Windows/Mac. Google patched it in January 2026, but the implications for browser-based AI security are significant.
The core issue: Chrome grants the Gemini panel elevated permissions for multi-step AI operations — camera access, screenshot capabilities, local file reads. Extensions exploiting CVE-2026-0628 could hijack these privileges through script injection into the WebView context.
Technical Breakdown
The attack chain leverages the declarativeNetRequest API — the same API used legitimately by ad-blockers — to intercept requests destined for the Gemini panel. Here's the exploitation flow:
- Malicious extension installed — disguised as a productivity tool or ad-blocker
- Request interception — extension uses declarativeNetRequest to modify requests to gemini.google.com/app
- Script injection — attacker injects JavaScript into the privileged Gemini WebView context
- Privilege escalation — injected code inherits Gemini's elevated permissions
Once inside the Gemini context, the attacker gains:
- Camera and microphone access — live surveillance without user prompts
- Screenshot capability — capture any open website or tab
- Local file access — read files from the victim's filesystem
- Arbitrary code execution — run JavaScript with Gemini-level privileges at gemini.google[.]com/app
This is a textbook case of T1068 — Exploitation for Privilege Escalation applied to the browser extension model.
Detection & Hunting
SOC teams should hunt for extensions abusing declarativeNetRequest rules targeting Google AI endpoints. Here's a Sigma-style detection rule:
```yaml
title: Suspicious Chrome Extension Targeting Gemini Panel
id: 7a2e4f1b-9c3d-4e5f-8a6b-1c2d3e4f5a6b
status: experimental
description: Detects Chrome extensions with declarativeNetRequest rules targeting Gemini/AI endpoints
logsource:
  product: chrome
  category: extension_install
detection:
  selection:
    extension.permissions|contains:
      - 'declarativeNetRequest'
    extension.host_permissions|contains:
      - 'gemini.google.com'
      - 'aistudio.google.com'
  condition: selection
level: high
tags:
  - attack.privilege_escalation
  - attack.t1068
  - cve.2026.0628
```
Additionally, monitor for these indicators in enterprise Chrome deployments:
- Extensions requesting both declarativeNetRequest and access to *.google.com origins
- WebView process spawns from extension contexts targeting AI panel URLs
- Unexpected camera/microphone permission grants from Gemini-related origins
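The permission-and-origin check from the rule and indicators above, as an added example (not from the original article or from Chrome itself): it evaluates each manifest's host match patterns, so broad grants such as `*://*.google.com/*` or `<all_urls>` are flagged where a substring match on `gemini.google.com` would miss them. The function names and sample manifests are constructed for illustration.

```python
import json

AI_HOSTS = ("gemini.google.com", "aistudio.google.com")  # hosts from the Sigma rule
DNR_PERMS = {"declarativeNetRequest", "declarativeNetRequestWithHostAccess"}


def pattern_covers_host(pattern: str, host: str) -> bool:
    """True if the host part of a Chrome match pattern covers `host`."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("*", "http", "https"):
        return False
    pat_host = rest.split("/", 1)[0]
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):  # wildcard covers the base and its subdomains
        base = pat_host[2:]
        return host == base or host.endswith("." + base)
    return pat_host == host


def audit_manifest(manifest: dict) -> list:
    """Return the AI hosts a declarativeNetRequest extension can reach."""
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    if not perms & DNR_PERMS:
        return []
    # MV3 lists origins in host_permissions; MV2 mixes them into permissions.
    patterns = list(manifest.get("host_permissions", []))
    patterns += [p for p in perms if "://" in p or p == "<all_urls>"]
    return [h for h in AI_HOSTS if any(pattern_covers_host(p, h) for p in patterns)]


# Constructed sample manifests, not taken from any real extension.
SAMPLES = {
    "wildcard-blocker": '{"permissions": ["declarativeNetRequest"], "host_permissions": ["*://*.google.com/*"]}',
    "all-urls-tool": '{"permissions": ["declarativeNetRequest", "storage"], "host_permissions": ["<all_urls>"]}',
    "notes-app": '{"permissions": ["storage"], "host_permissions": ["https://gemini.google.com/*"]}',
    "news-filter": '{"permissions": ["declarativeNetRequest"], "host_permissions": ["https://news.example/*"]}',
}


def audit_samples() -> dict:
    """Audit every constructed sample; maps name -> reachable AI hosts."""
    return {name: audit_manifest(json.loads(raw)) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, hits in audit_samples().items():
        print(f"{name}: {'FLAG ' + ', '.join(hits) if hits else 'ok'}")
```

In a real audit the manifests would be read from each profile's extensions directory rather than from inline strings.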
Mitigation Steps
- Patch immediately — update Chrome to 143.0.7499.192+ (Linux) or 143.0.7499.193+ (Windows/Mac)
- Audit installed extensions — review all extensions with declarativeNetRequest permissions via chrome://extensions
- Deploy Chrome Enterprise policies — restrict extension installation to allowlisted IDs using ExtensionInstallAllowlist
- Monitor AI panel access — log and alert on Gemini panel interactions from extension contexts
- Enable Chrome Enhanced Protection — chrome://settings/security → Enhanced protection
The Bigger Picture
This vulnerability highlights a growing attack surface: AI agents with elevated browser privileges. As browsers integrate more AI capabilities — Google Gemini, Microsoft Copilot, Apple Intelligence — each AI panel becomes a high-value target for extension-based attacks. The declarativeNetRequest API was designed for legitimate content filtering, but its ability to intercept and modify requests makes it a powerful tool for attackers when combined with AI panel privileges.
Security teams should treat browser AI integrations as privileged endpoints and apply zero-trust principles to extension permissions accordingly.
Source: The Hacker News