securityaffairs.com 3/3/2026, 10:02:36 AM · via preferred

Chrome patch stops extension hijack of Gemini Live, CVE-2026-0628

CyberSIXT Evidence Panel
Primary source: nvd.nist.gov
CISA KEV: Not in KEV
Patch: Patch available

Researchers at Palo Alto Networks found a Chrome vulnerability, tracked as CVE-2026-0628, that could let malicious extensions hijack Gemini Live to spy on users and exfiltrate sensitive files through the browser. According to Palo Alto Networks' report, the flaw allowed an extension with only basic permissions to inject JavaScript into the Gemini panel and, from there, access local files, the camera and microphone, or take screenshots of HTTPS sites.

Chrome's Gemini Live side panel was designed to summarise content in real time, perform tasks and interpret webpages in context, but its privileged integration with the browser raised the risk of abuse by extension-based attacks. The vulnerability was responsibly disclosed to Google on 23 October 2025 and patched in Chrome 143; the fix prevents malicious extensions from hijacking the Gemini panel.

The security implications are particularly significant for enterprise environments, where a rogue extension could reach cameras, microphones or local files on managed endpoints.


Article by CyberSIXT