Security researchers identified CVE-2026-0628, a high-severity vulnerability within Google Chrome’s Gemini AI feature that allowed malicious extensions to hijack the browser's side panel. By exploiting the declarativeNetRequest API, an extension with basic permissions could inject JavaScript into the privileged Gemini environment, bypassing the standard browser security model that isolates extensions from core browser components.
Successful exploitation of this flaw enabled a range of critical privilege escalation actions, including unauthorized access to the victim's camera and microphone, the ability to take screenshots of any HTTPS website, and direct access to local files and directories on the operating system. Google has since addressed the issue, releasing a fix in early January 2026 following responsible disclosure.
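Because the flaw was reachable from an extension holding only the declarativeNetRequest permission, an inventory of which installed extensions request that permission is a useful check alongside updating Chrome. The following is an added example, not code from the researchers or from Google: it lists extensions that request declarativeNetRequest and any static rules that rewrite requests. The `<id>/<version>/manifest.json` directory layout, the function names and the sample data are assumptions made for the example.

```python
import json
from pathlib import Path

# Manifest permissions that let an extension register declarativeNetRequest rules.
DNR_PERMISSIONS = {"declarativeNetRequest", "declarativeNetRequestWithHostAccess"}
# Rule action types that rewrite traffic rather than only block or allow it.
REWRITING_ACTIONS = {"redirect", "modifyHeaders"}

def audit_extension(manifest, rulesets):
    """Finding dict if the extension requests DNR, else None; rules added at runtime are not visible."""
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    dnr = sorted(perms & DNR_PERMISSIONS)
    if not dnr:
        return None
    rewriting = []
    for res in manifest.get("declarative_net_request", {}).get("rule_resources", []):
        for rule in rulesets.get(res.get("path"), []):
            action = rule.get("action", {}).get("type")
            if action in REWRITING_ACTIONS:
                rewriting.append((res.get("id"), rule.get("id"), action,
                                  rule.get("condition", {}).get("urlFilter")))
    return {"name": manifest.get("name"), "dnr_permissions": dnr,
            "host_permissions": manifest.get("host_permissions", []), "rewriting_rules": rewriting}

def audit_directory(root):
    """Audit unpacked extensions under root (assumed layout: <id>/<version>/manifest.json)."""
    findings = []
    for path in sorted(Path(root).glob("*/*/manifest.json")):
        manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        rulesets = {}
        for res in manifest.get("declarative_net_request", {}).get("rule_resources", []):
            rule_file = path.parent / res.get("path", "").lstrip("/")
            if rule_file.is_file():
                rulesets[res["path"]] = json.loads(rule_file.read_text(encoding="utf-8-sig"))
        finding = audit_extension(manifest, rulesets)
        if finding:
            findings.append(finding)
    return findings

# Constructed sample input (not a real extension).
SAMPLE_MANIFEST = {
    "name": "Constructed Sample", "permissions": ["storage", "declarativeNetRequest"],
    "host_permissions": ["https://example.test/*"],
    "declarative_net_request": {"rule_resources": [{"id": "ruleset_1", "enabled": True, "path": "rules.json"}]},
}
SAMPLE_RULES = {"rules.json": [
    {"id": 1, "action": {"type": "block"}, "condition": {"urlFilter": "||ads.example.test"}},
    {"id": 2, "action": {"type": "redirect", "redirect": {"url": "https://example.test/v2/"}}, "condition": {"urlFilter": "||example.test/v1/"}},
]}
```

A finding is an inventory entry for review, not evidence of compromise; many legitimate extensions, content blockers in particular, request this permission.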