⚠️ Region Alert: UAE/Middle East
Security researchers at Unit 42 discovered a high-severity vulnerability, identified as CVE-2026-0628, within Google Chrome's Gemini AI side panel. This flaw allowed malicious browser extensions with standard permissions to exploit the declarativeNetRequest API to inject JavaScript into the privileged Gemini environment. By hijacking this trusted component, an attacker could bypass traditional browser security boundaries and gain unauthorized access to sensitive system resources.
The impact of this privilege escalation is severe, enabling attackers to access the victim's camera and microphone without consent, take screenshots of any website, and interact with local files on the operating system. Furthermore, the vulnerability allowed for the delivery of phishing content within the trusted browser UI. Google has released a fix for this issue, highlighting the new security risks introduced by integrating multimodal AI agents directly into the browser core.