Ethical Hacking News
A critical vulnerability has been discovered in Google Chrome that could allow malicious extensions to escalate privileges and gain access to local files on the system. Researchers at Palo Alto Networks Unit 42 have identified the issue as a case of insufficient policy enforcement in the WebView tag.
The researchers at Palo Alto Networks Unit 42 discovered a critical vulnerability in Google Chrome (CVE-2026-0628) that allows malicious extensions to escalate privileges and access local files. The vulnerability is related to insufficient policy enforcement in the WebView tag and can be exploited by malicious extensions with basic permissions. The flaw could have permitted attackers to seize control of the Gemini Live panel, which is launched by clicking a Gemini icon at the top of the browser window. The vulnerability highlights an emerging attack vector arising from baking artificial intelligence (AI) and agentic capabilities into web browsers. Google patched the vulnerability in January 2026, but experts are urging users to exercise caution when installing browser extensions and to regularly update their software.
In a recent development that has sent shockwaves throughout the cybersecurity community, researchers at Palo Alto Networks Unit 42 have discovered a critical vulnerability in Google Chrome that could potentially allow malicious extensions to escalate privileges and gain access to local files on the system. The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8.8), has been described as a case of insufficient policy enforcement in the WebView tag.
The discovery was made by Gal Weizman, a researcher at Unit 42, who reported the flaw on November 23, 2025. According to Weizman, the issue could have permitted malicious extensions with basic permissions to seize control of the new Gemini Live panel in Chrome. The panel can be launched by clicking the Gemini icon located at the top of the browser window. Google added Gemini integration to Chrome in September 2025.
The vulnerability is particularly concerning because it highlights an emerging attack vector arising from baking artificial intelligence (AI) and agentic capabilities directly into web browsers. As AI agents become increasingly sophisticated, they require more privileges to perform complex tasks, which can also be exploited by malicious actors.
When an attacker convinces a user to install a specially crafted extension, the extension could inject arbitrary JavaScript code into the Gemini side panel, allowing it to interact with the file system, take screenshots, access the camera, and turn on the microphone. This would enable the AI assistant to perform its tasks while bypassing traditional security measures.
The problem at its core is the need for granting these AI agents privileged access to the browsing environment to perform multi-step operations. While this provides a level of flexibility and convenience, it also creates a double-edged sword. When an attacker embeds hidden prompts in a malicious web page, and a victim user is tricked into accessing it via social engineering or some other means, the AI agent can be manipulated to store instructions in memory, causing it to persist across sessions.
Furthermore, the integration of an AI side panel in agentic browsers brings back classic browser security risks. By placing this new component within the high-privilege context of the browser, developers could inadvertently create new logical flaws and implementation weaknesses. This could include vulnerabilities related to cross-site scripting (XSS), privilege escalation, and side-channel attacks that can be exploited by less-privileged websites or browser extensions.
The declarativeNetRequest API allows extensions to intercept and change properties of HTTPS web requests and responses, which is used by ad-blocking extensions to stop issuing requests to load ads on web pages. However, in the case of this vulnerability, an attacker could use this API to inject JavaScript code into the Gemini side panel, allowing them to interact with sensitive data.
Google patched the vulnerability in early January 2026 in version 143.0.7499.192/.193 for Windows/Mac and 143.0.7499.192 for Linux. However, the fact that this vulnerability was exposed highlights the need for more stringent security measures when it comes to AI-powered applications.
In light of this discovery, cybersecurity experts are urging users to exercise caution when installing browser extensions and to regularly update their software to ensure they have the latest security patches. Furthermore, developers should take steps to mitigate these risks by implementing robust security measures, such as validating user input and ensuring that AI agents do not receive unnecessary privileges.
The implications of this vulnerability are far-reaching, and it serves as a stark reminder of the importance of cybersecurity in today's digital landscape. As AI technology continues to advance, it is essential that we prioritize security and take steps to prevent similar vulnerabilities from arising.
Related Information:
https://www.ethicalhackingnews.com/articles/A-Critical-Vulnerability-Exposed-How-Malicious-Extensions-Can-Escalate-Privileges-via-Google-Chromes-Gemini-Panel-ehn.shtml
https://thehackernews.com/2026/03/new-chrome-vulnerability-let-malicious.html
https://www.zdnet.com/article/gemini-live-chrome-bug-hijacks-ai/
Published: Mon Mar 2 12:14:37 2026 by llama3.2 3B Q4_K_M
