A recent report by Palo Alto Networks highlights a significant vulnerability in the Chrome browser that could have enabled malicious extensions to hijack its AI assistant, Gemini Live, potentially allowing for user surveillance and data breaches.
Gemini Live is an AI assistant integrated into Chrome's side panel, designed to assist users by summarizing content in real-time, automating specific tasks, and enhancing the contextual understanding of the webpage currently being viewed.
Palo Alto Networks explains that, by giving the AI direct and privileged access to the browsing environment, Chrome enables it to perform complex operations that previously required multiple extensions or manual intervention.
In order to function effectively, Gemini Live requires access to what the user sees on their screen, utilizing the webpage for context and direction. However, this increased capability and access also introduce new security risks.
The vulnerability identified by Palo Alto Networks, designated as CVE-2026-0628, was patched in January with Chrome version 143. The flaw could have allowed malicious browser extensions to inject JavaScript code into the Gemini Live panel.
According to the cybersecurity firm, a malicious extension would need the permission set granted through the declarativeNetRequest API. This API enables extensions to intercept and modify HTTPS web requests and responses, a feature intended for legitimate use such as blocking harmful requests. This capability is enabled by default for extensions interacting with content loaded within the Gemini panel.
Palo Alto Networks notes that CVE-2026-0628 impacted interactions with the contents loaded within the Gemini panel. This meant that injected JavaScript could exploit the AI’s functionalities.
“These functionalities include reading local files, taking screenshots, accessing the camera and microphone, and more. If attackers could intercept under this setting, they could also gain access to these capabilities,” the firm adds.
Since the Gemini Live panel is an integral part of the browser, an attacker could have exploited this vulnerability to activate the camera and microphone without the user’s consent, access local files, take screenshots of browser tabs, and even conduct phishing attacks.
Palo Alto Networks further explains that because Gemini is granted these capabilities in order to perform tasks for legitimate purposes, hijacking the panel grants an extension privileged access to system resources that would normally be restricted.
The cybersecurity firm reported this vulnerability to Google in October. A fix was subsequently rolled out in Chrome versions 143.0.7499.192 and 143.0.7499.193 for Windows and macOS, as well as version 143.0.7499.192 for Linux.
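Two checks a defender can run follow from the article: which installed extensions hold the declarativeNetRequest permission family together with broad host access (the interception capability described above), and whether a given Chrome build is at or above the fixed versions listed here. The script below is an added example written for this page; it is not code from Palo Alto Networks or Google. The permission strings `declarativeNetRequest`, `declarativeNetRequestWithHostAccess` and `declarativeNetRequestFeedback` are the documented Manifest V3 names; the sample manifests and the `extensions_root` layout are constructed for a stand-alone run and are assumptions, and the fixed-version table simply encodes the minimum build numbers the article quotes.

```python
"""Audit Chrome extension manifests for declarativeNetRequest permissions and
check a Chrome build against the CVE-2026-0628 fixed versions.
Added illustration, not Palo Alto Networks' or Google's code."""

import json
from pathlib import Path

# Manifest V3 permission names that unlock the declarativeNetRequest API
# (documented Chrome permission strings; the article names only the API).
DNR_PERMISSIONS = {
    "declarativeNetRequest",
    "declarativeNetRequestWithHostAccess",
    "declarativeNetRequestFeedback",
}

# Host patterns that let interception rules reach arbitrary origins.
BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Minimum patched builds quoted in the article, per platform
# (Windows/macOS received .192 and .193; Linux received .192).
FIXED_VERSIONS = {
    "windows": (143, 0, 7499, 192),
    "macos": (143, 0, 7499, 192),
    "linux": (143, 0, 7499, 192),
}


def parse_version(version: str) -> tuple:
    """Turn '143.0.7499.192' into a tuple of ints so builds compare numerically."""
    return tuple(int(part) for part in version.split("."))


def is_patched(version: str, platform: str) -> bool:
    """True if the Chrome build is at or above the fixed version for the platform."""
    return parse_version(version) >= FIXED_VERSIONS[platform.lower()]


def audit_manifest(manifest: dict) -> dict:
    """Summarise one extension manifest's request-interception footprint.

    An extension is flagged when it requests (or may request) a DNR permission
    and also asks for broad host access; either alone is common and benign."""
    perms = set(manifest.get("permissions", []))
    optional = set(manifest.get("optional_permissions", []))
    hosts = manifest.get("host_permissions", [])
    dnr = sorted((perms | optional) & DNR_PERMISSIONS)
    broad = [h for h in hosts if h in BROAD_HOST_PATTERNS]
    return {
        "name": manifest.get("name", "<unnamed>"),
        "dnr_permissions": dnr,
        "broad_host_access": broad,
        "flag": bool(dnr) and bool(broad),
    }


def audit_directory(extensions_root: Path) -> list:
    """Walk an extensions folder (assumed layout: one manifest.json per
    extension version directory) and audit every manifest found."""
    results = []
    for manifest_path in extensions_root.rglob("manifest.json"):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, json.JSONDecodeError):
            continue  # unreadable or malformed manifest: skip rather than abort
        result = audit_manifest(manifest)
        result["path"] = str(manifest_path)
        results.append(result)
    return results


# Constructed sample manifests (not real extensions) for a stand-alone run.
SAMPLE_MANIFESTS = [
    {"name": "Sample blocker", "manifest_version": 3,
     "permissions": ["declarativeNetRequest"], "host_permissions": ["<all_urls>"]},
    {"name": "Sample notes", "manifest_version": 3,
     "permissions": ["storage"], "host_permissions": []},
    {"name": "Sample site helper", "manifest_version": 3,
     "optional_permissions": ["declarativeNetRequestWithHostAccess"],
     "host_permissions": ["https://example.com/*"]},
]

if __name__ == "__main__":
    for m in SAMPLE_MANIFESTS:
        print(audit_manifest(m))
    print("143.0.7499.191 on Windows patched?", is_patched("143.0.7499.191", "windows"))
    print("143.0.7499.193 on macOS patched?", is_patched("143.0.7499.193", "macos"))
```

Point `audit_directory` at a profile's Extensions folder to list the extensions worth reviewing first; a flagged entry is a prompt for review, not proof of malice, since legitimate content blockers carry exactly this combination.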