Critical Vulnerability Exploited to Hijack Chrome’s Gemini Live AI Assistant
Google Chrome Vulnerability Patched
A recently patched vulnerability in Google Chrome could have been exploited by malicious browser extensions to hijack the browser’s AI-powered assistant, Gemini Live, and spy on users.
What is Gemini Live?
Gemini Live is a side panel AI assistant designed to aid users by summarizing content in real time, executing specific tasks, and providing contextual understanding of the active webpage. To function as intended, the AI has direct, privileged access to the browsing environment, allowing it to perform complex operations that would otherwise be impossible or require multiple extensions and manual steps.
Vulnerability Details
A vulnerability tracked as CVE-2026-0628, discovered by Palo Alto Networks and patched in Chrome version 143, could have allowed malicious extensions to inject JavaScript code into the Gemini Live panel. To exploit the vulnerability, an attacker would need to ship a malicious extension that holds the declarativeNetRequest permission.
The declarativeNetRequest API lets an extension declare rules that block, redirect, or modify the headers of HTTPS requests and responses without reading their contents. Before the patch, extensions could by default apply such rules to content originating from Gemini in the same way they apply them to content loaded in a website's tab.
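To make the permission set concrete, the following is an added example and not code from the article, from Palo Alto Networks or from Google. It shows a constructed Manifest V3 manifest and rule set of the kind the declarativeNetRequest API accepts, a simplified simulation of how Chrome applies such rules to a request (only the `||domain` anchor, plain substring filters and the redirect and modifyHeaders actions are modelled; this is not Chrome's matcher), and an audit function that flags extensions combining that permission with host access reaching a target origin. The target origin, the rule contents and the sample requests are assumptions for illustration; the article does not say which rule type the reported attack used.

```javascript
// Added example: audit an extension manifest for the declarativeNetRequest
// permission set and simulate what such rules can do to a request.
// The manifest, rules, requests and origin below are constructed.
const TARGET_ORIGIN = "https://gemini.google.com"; // assumed origin, not stated by the article

// Constructed Manifest V3 manifest of an extension with the relevant permission.
const sampleManifest = {
  manifest_version: 3,
  name: "Sample extension (constructed)",
  version: "1.0",
  permissions: ["declarativeNetRequest", "storage"],
  host_permissions: ["*://*.google.com/*"],
  declarative_net_request: {
    rule_resources: [{ id: "ruleset_1", enabled: true, path: "rules.json" }],
  },
};

// Constructed rules: one redirects a script fetch, one removes a response header.
// In Chrome, redirect and modifyHeaders rules only act on URLs covered by the
// extension's host permissions; block/allow rules do not need host access.
const sampleRules = [
  { id: 1, priority: 1,
    action: { type: "redirect", redirect: { url: "https://example.invalid/other.js" } },
    condition: { urlFilter: "||google.com/static/app.js", resourceTypes: ["script"] } },
  { id: 2, priority: 1,
    action: { type: "modifyHeaders",
              responseHeaders: [{ header: "content-security-policy", operation: "remove" }] },
    condition: { urlFilter: "||google.com", resourceTypes: ["main_frame", "sub_frame"] } },
];

function escapeRe(s) { return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"); }

// Convert a Chrome match pattern such as "*://*.google.com/*" into a RegExp.
function matchPatternToRegExp(pattern) {
  if (pattern === "<all_urls>") return /^(https?|file|ftp|ws|wss):\/\/.*/;
  const m = /^(\*|https?|file|ftp|ws|wss):\/\/(\*|\*\.[^/*]+|[^/*]+)(\/.*)$/.exec(pattern);
  if (!m) throw new Error(`invalid match pattern: ${pattern}`);
  const scheme = m[1] === "*" ? "https?" : m[1];
  let host;
  if (m[2] === "*") host = "[^/]+";
  else if (m[2].startsWith("*.")) host = `([^/]+\\.)?${escapeRe(m[2].slice(2))}`;
  else host = escapeRe(m[2]);
  const path = m[3].split("*").map(escapeRe).join(".*");
  return new RegExp(`^${scheme}://${host}${path}$`);
}

// Simplified urlFilter matching: "||" anchors at the start of any host label,
// otherwise the filter is a substring match; "*" is a wildcard.
function urlFilterMatches(urlFilter, url) {
  const noScheme = url.replace(/^[a-z]+:\/\//, "");
  const anchored = urlFilter.startsWith("||");
  const body = (anchored ? urlFilter.slice(2) : urlFilter).split("*").map(escapeRe).join(".*");
  const re = anchored ? new RegExp(`^(?:[^/]*\\.)?${body}`) : new RegExp(body);
  return re.test(noScheme);
}

// Apply a ruleset to a constructed request {url, type} and report the effect.
function applyRules(rules, request) {
  const result = { url: request.url, removedResponseHeaders: [] };
  for (const rule of rules) {
    const c = rule.condition;
    if (c.resourceTypes && !c.resourceTypes.includes(request.type)) continue;
    if (c.urlFilter && !urlFilterMatches(c.urlFilter, request.url)) continue;
    if (rule.action.type === "redirect") result.url = rule.action.redirect.url;
    if (rule.action.type === "modifyHeaders") {
      for (const h of rule.action.responseHeaders || []) {
        if (h.operation === "remove") result.removedResponseHeaders.push(h.header.toLowerCase());
      }
    }
  }
  return result;
}

// Flag a manifest that can install network rules AND has host access to `origin`.
function auditManifest(manifest, origin) {
  const perms = new Set([...(manifest.permissions || []), ...(manifest.optional_permissions || [])]);
  const hasDnr = perms.has("declarativeNetRequest") || perms.has("declarativeNetRequestWithHostAccess");
  const hosts = [...(manifest.host_permissions || []),
                 ...[...perms].filter((p) => p.includes("://") || p === "<all_urls>")];
  const reachesOrigin = hosts.some((h) => matchPatternToRegExp(h).test(origin + "/"));
  const findings = [];
  if (hasDnr) findings.push("can install declarativeNetRequest rules");
  if (reachesOrigin) findings.push(`host permissions cover ${origin}`);
  return { flagged: hasDnr && reachesOrigin, findings };
}

console.log(auditManifest(sampleManifest, TARGET_ORIGIN));
console.log(applyRules(sampleRules, { url: "https://gemini.google.com/static/app.js", type: "script" }));
```

Run it with Node against the `manifest.json` of any installed extension by replacing `sampleManifest` with the parsed file; an extension that is flagged is not necessarily malicious, but it is one whose update or compromise could reach the origin you care about.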
Impact of the Vulnerability
JavaScript injected into the Gemini panel runs with the same access to the panel's contents as the panel itself, and therefore with access to the AI's capabilities. These capabilities include reading local files, taking screenshots, accessing the camera and microphone, and performing complex tasks.
By injecting code into the Gemini Live panel, an attacker could have used these capabilities to start the camera and microphone without user consent, read local files, take screenshots of browser tabs, and hijack the panel itself to present phishing content to the user.
Patch and Fix
Palo Alto Networks reported the bug to Google in October, and a fix was rolled out in Chrome versions 143.0.7499.192/.193 for Windows and macOS, and Chrome version 143.0.7499.192 for Linux. Chrome downloads updates automatically, but the new version only takes effect after the browser is relaunched; chrome://settings/help shows the version currently running and offers the relaunch.
