Tag

Cve 2026 0628

All articles tagged with #cve 2026 0628

Chrome Gemini Flaw Lets Attackers Hijack Camera and Microphone Through Privileged AI Panel (CVE-2026-0628)
cybersecurity, 4 hours ago

Researchers from Palo Alto Networks' Unit 42 disclosed a high-severity vulnerability (CVE-2026-0628) in Chrome's Gemini AI panel that could be exploited by a malicious extension to inject code with the panel's elevated privileges, enabling silent camera and microphone access, local file theft, screenshots, and phishing. The flaw arises from how Chrome handles the declarativeNetRequest API for gemini.google.com: when that site is loaded inside the Gemini panel, it gains browser-level rights that it does not have in a normal tab. Google patched the issue on January 5, 2026, so users should update Chrome immediately; organizations should apply the patch across endpoints to mitigate enterprise risk from trusted-panel attacks.

Chrome Gemini Panel Flaw Could Let Extensions Escalate Privileges (CVE-2026-0628)
technology, 23 hours ago

Security researchers disclosed a now-patched Chrome vulnerability, CVE-2026-0628, caused by weak WebView policy that could let a malicious extension inject code into the Gemini Live panel, enabling privilege escalation and access to local files, camera, microphone, and screenshots. The flaw affected Chrome versions prior to 143.0.7499.192/193 (Windows/macOS) and 143.0.7499.192 (Linux) and was fixed by Google in early January 2026. The incident underscores risks from AI-enabled browser components expanding the attack surface and the potential for abuse via extensions with basic permissions.