www.securityweek.com 3/2/2026, 3:44:43 PM

Chrome CVE-2026-0628 lets extensions hijack Gemini Live AI

CyberSIXT Evidence Panel (CVE Intel): CISA KEV: Not in KEV; Patch: Available

A vulnerability in Chrome could have allowed malicious extensions to hijack the browser’s Gemini Live AI assistant, potentially enabling spying on users and exfiltration of data, according to Palo Alto Networks. The issue, tracked as CVE-2026-0628, was patched in January in Chrome 143: the fix shipped for Windows and macOS in Chrome 143.0.7499.192 and 143.0.7499.193, and for Linux in Chrome 143.0.7499.192.

The flaw could have allowed extensions with access to the declarativeNetRequest API to inject JavaScript into the Gemini Live panel, granting the attacker privileges such as reading local files, taking screenshots, and accessing the camera and microphone. Because the Gemini Live panel is a component of the browser itself, injected code could have started the camera and microphone without user consent, or hijacked the panel for a phishing attack. The declarativeNetRequest capability is intended for legitimate use, such as blocking malicious or intrusive requests, but the privileged access it exposed created new risks.
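As an added defender-side example (not code from the article or from Palo Alto Networks), the following Python triage script checks whether an installed Chrome build is at or above the fixed 143.0.7499.192 and lists installed extensions that declare a declarativeNetRequest permission, the capability the article says was abused. The Chrome profile layout and the sample manifests are assumptions constructed for the example.

```python
"""Triage for CVE-2026-0628: patch status plus extensions holding declarativeNetRequest."""
import json
from pathlib import Path

# Fixed build from the article: 143.0.7499.192 (Windows/macOS also shipped .193).
FIXED_VERSION = (143, 0, 7499, 192)

# Chrome manifest permission strings that grant declarativeNetRequest access.
DNR_PERMISSIONS = {
    "declarativeNetRequest",
    "declarativeNetRequestWithHostAccess",
    "declarativeNetRequestFeedback",
}

# Constructed sample manifests standing in for what scan_profile() reads from disk.
SAMPLE_MANIFESTS = {
    "aaaa": {"name": "Ad Filter", "permissions": ["declarativeNetRequest", "storage"]},
    "bbbb": {"name": "Notes", "permissions": ["storage"],
             "optional_permissions": ["declarativeNetRequestWithHostAccess"]},
    "cccc": {"name": "Theme", "permissions": []},
}


def parse_version(version):
    """'143.0.7499.192' -> (143, 0, 7499, 192); missing fields compare as 0."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def is_patched(version):
    """True when the installed Chrome build is at or above the fixed build."""
    return parse_version(version) >= FIXED_VERSION


def dnr_permissions(manifest):
    """declarativeNetRequest permissions an extension declares, required or optional."""
    declared = set(manifest.get("permissions", [])) | set(manifest.get("optional_permissions", []))
    return declared & DNR_PERMISSIONS


def triage(chrome_version, manifests):
    """Pair the patch status with the extensions that hold the abused capability."""
    flagged = {ext_id: sorted(dnr_permissions(m)) for ext_id, m in manifests.items()
               if dnr_permissions(m)}
    return {"patched": is_patched(chrome_version), "dnr_extensions": flagged}


def scan_profile(profile_dir):
    """Load <profile>/Extensions/<id>/<version>/manifest.json for each installed extension.
    Assumed Chrome profile layout, e.g. ~/.config/google-chrome/Default on Linux."""
    manifests = {}
    for path in Path(profile_dir).glob("Extensions/*/*/manifest.json"):
        manifests[path.parent.parent.name] = json.loads(path.read_text(encoding="utf-8"))
    return manifests


if __name__ == "__main__":
    print(triage("143.0.7499.150", SAMPLE_MANIFESTS))
```

An unpatched build with any flagged extension is the condition the article describes; on a real host, replace SAMPLE_MANIFESTS with scan_profile(<profile dir>).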


Article by CyberSIXT