Chrome Gemini panel became privilege escalator for rogue extensions

The Register
March 3, 2026
AI-Generated Deep Dive Summary
A high-severity vulnerability in Google Chrome, tracked as CVE-2026-0628, has been uncovered, enabling malicious extensions to exploit the browser's integrated Gemini Live AI panel and gain unauthorized system privileges. Discovered by researchers at Palo Alto Networks' Unit 42, the flaw allowed rogue extensions to intercept and manipulate network traffic directed to the Gemini panel, injecting their own JavaScript into a highly trusted part of the browser. This vulnerability could have been exploited to access sensitive resources such as the webcam, microphone, or local files, posing significant risks to user privacy.

The Gemini Live AI panel is tightly integrated into Chrome, enabling it to perform tasks such as capturing screenshots, accessing files, and controlling system hardware. While these capabilities are useful for legitimate purposes, they also make the panel a prime target for attackers seeking to escalate privileges through malicious extensions. The flaw stemmed from how Chrome handled extension network rules, allowing even low-privilege extensions to bypass security restrictions and access features typically reserved for trusted components.

The vulnerability was promptly addressed by Google in early January with patches released in Chrome versions 143.0.7499.192 and 143.0.7499.193. However, the discovery underscores the growing risks of embedding AI features directly into core software systems. As organizations increasingly adopt