Google Chrome Vulnerability Exposes Gemini Panel to Rogue Extension Hijacking

Google Chrome Vulnerability Exposed

A recently disclosed vulnerability in Google Chrome could have allowed a malicious browser extension to hijack the Gemini AI panel, potentially escalating its privileges or conducting phishing attacks.

Vulnerability Details

The high-severity flaw, tracked as CVE-2026-0628, was discovered by researchers at Palo Alto Networks’ Unit 42 and has a CVSS score of 8.8.

Gemini Panel and Vulnerability

The Gemini panel, a feature gradually being rolled out to Chrome users, allows users to access a chat interface in a browser sidebar. The panel includes a feature called Gemini Live, which enables the AI to view tabs the user has open. Users must opt-in to use the Gemini panel the first time they open it.

The vulnerability arose due to insufficient policy enforcement in the WebView tag through which the Gemini panel is displayed. This allowed a browser extension with basic permissions to inject HTML or JavaScript directly into the Gemini panel. Such permissions are typically considered benign, as they do not grant the extension any extra permissions and enable legitimate functions like ad blocking or displaying a custom theme.

Potential Risks

However, because the WebView panel is built into the browser, hijacking its content can grant access to elevated permissions, including the ability to take screenshots of the user’s browser tabs, activate the user’s camera and microphone without prompting for consent, and even access the local file system. Additionally, the Gemini panel could be made to display phishing content to the user, which is especially dangerous due to the panel being a trusted browser component.

Fix and Disclosure

The flaw was first reported to Google in October 2025 and was fixed on January 6, 2026, with the release of Chrome version 143.0.7499.192. Technical details of the vulnerability were first disclosed this week.

About Author

Vaibhav

See author's posts