www.darkreading.com 3/2/2026, 1:12:10 PM

Google patches CVE-2026-0628 in Chrome Gemini AI panel

CyberSIXT Evidence Panel (CVE Intel)
- CISA KEV: Not in KEV
- Patch: Patch Available
- Threat Actor: none listed

Google has fixed a high-severity flaw in its implementation of Gemini AI in the Chrome browser that could have allowed attackers to escalate privileges, violate user privacy while browsing, and access sensitive system resources.

The vulnerability, tracked as CVE-2026-0628, could have let malicious browser extensions with only basic permissions escalate privileges to access the victim’s camera and microphone without consent, take screenshots of websites, and access local files and directories, according to a report published today by researchers from Palo Alto Networks' Unit 42 who discovered the flaw.

In Chrome, the Gemini Live feature operates within a privileged side panel, granting it elevated capabilities to read on‑screen content and interact with local resources, creating a widened attack surface as agentic AI features become more common in browsers. Palo Alto researchers demonstrated how an ordinary extension could hijack the Gemini panel in October; Google reproduced the exploit conditions and patched the flaw in early January, according to the report.

The researchers warn that such vulnerabilities highlight security risks as AI is more deeply integrated into browser design, and stress the need for real-time policy enforcement and in‑browser visibility to mitigate threats. According to Palo Alto Networks' Unit 42, the risk profile is amplified within business and organisational environments.


Article by CyberSIXT