Chrome Gemini Flaw Lets Attackers Hijack Camera and Microphone Through Privileged AI Panel (CVE-2026-0628)

Researchers from Palo Alto Networks' Unit 42 disclosed a high-severity vulnerability (CVE-2026-0628) in Chrome's Gemini AI panel that a malicious extension could exploit to inject code with the panel's elevated privileges, enabling silent camera and microphone access, local file theft, screenshots, and phishing. The flaw arises from how Chrome handles the declarativeNetRequest API for gemini.google.com: when the site is loaded inside the Gemini panel it gains browser-level rights, unlike in a normal tab. Google patched the issue on January 5, 2026, so users should update Chrome immediately; organizations should apply the patch across endpoints to mitigate enterprise risk from trusted-panel attacks.
- Chrome Gemini Vulnerability Lets Attackers Access Victims' Camera and Microphone Remotely (CybersecurityNews)
- Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel (Unit 42)
- Bug in Google's Gemini AI Panel Opens Door to Hijacking (Dark Reading)
- New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel (The Hacker News)
- Google Chrome Patch Signals Need for Constant AI Browser Vigilance (PYMNTS.com)
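
For endpoint teams rolling out the patch, an inventory of installed extensions that combine declarativeNetRequest with host access covering gemini.google.com shows where the capability described in the summary exists. The following is an added example, not code from Unit 42, Google, or the articles listed above. It assumes that the relevant capability is a declarativeNetRequest permission plus a host pattern matching gemini.google.com; the manifests are constructed samples and the extension names are hypothetical.

```python
TARGET_HOST = "gemini.google.com"  # host named in the summary above
DNR_PERMS = {"declarativeNetRequest", "declarativeNetRequestWithHostAccess"}
PERMISSION_KEYS = ("permissions", "optional_permissions",
                   "host_permissions", "optional_host_permissions")

def pattern_covers_host(pattern, host=TARGET_HOST):
    """True if a Chrome match pattern's host part covers `host`."""
    if pattern == "<all_urls>":
        return True
    if "://" not in pattern:
        return False  # API permission name such as "storage", not a host pattern
    scheme, rest = pattern.split("://", 1)
    if scheme not in ("*", "http", "https"):
        return False
    pat_host = rest.split("/", 1)[0]
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):
        base = pat_host[2:]
        return host == base or host.endswith("." + base)
    return pat_host == host

def audit_manifest(manifest):
    """Host patterns that let this extension's DNR rules reach TARGET_HOST ([] if none)."""
    declared = [p for key in PERMISSION_KEYS
                for p in manifest.get(key, []) if isinstance(p, str)]
    if not DNR_PERMS.intersection(declared):
        return []
    return sorted({p for p in declared if pattern_covers_host(p)})

# Constructed manifest.json contents for four hypothetical extensions.
SAMPLES = {
    "blocker": {"manifest_version": 3,
                "permissions": ["declarativeNetRequest", "storage"],
                "host_permissions": ["<all_urls>"]},
    "notes": {"manifest_version": 3, "permissions": ["storage"],
              "host_permissions": ["https://gemini.google.com/*"]},
    "coupons": {"manifest_version": 3,
                "permissions": ["declarativeNetRequestWithHostAccess"],
                "host_permissions": ["https://*.example.com/*"]},
    "helper": {"manifest_version": 3,
               "permissions": ["declarativeNetRequest"],
               "optional_host_permissions": ["https://*.google.com/*"]},
}

def audit_all(samples=SAMPLES):
    """Map extension name -> matching host patterns, for flagged extensions only."""
    return {name: hits for name, m in samples.items() if (hits := audit_manifest(m))}

if __name__ == "__main__":
    for name, hits in audit_all().items():
        print(f"review {name}: declarativeNetRequest + host access via {hits}")
```

A hit means the extension holds the permission combination and warrants review on unpatched endpoints; it does not by itself indicate malicious behaviour.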