Ethical Hacking News
Google's Gemini Live AI panel has been compromised by a high-severity bug that exposes malicious extensions to system resources, providing unprecedented access to sensitive files, webcams, and microphones.
Google discovered a high-severity bug (CVE-2026-0628) in its Gemini Live AI panel that allows malicious extensions to hijack browser privileges and access system resources. A rogue Chrome extension can manipulate how the browser handles requests to the embedded Gemini Live side panel, intercepting and tampering with traffic headed for the panel. The bug provides an unprecedented amount of access to system resources that an extension would not normally have, allowing malicious extensions to turn on webcams, microphones, or access sensitive files. Google fixed the bug in early January by shipping patches in Chrome 143.0.7499.192 and 143.0.7499.193 for desktop via a Stable Channel update. The discovery highlights the importance of being careful about who else might get their hands on an AI-powered tool, especially when those tools provide unprecedented levels of access to system resources.
Google's recent discovery of a high-severity bug in its Gemini Live AI panel has exposed a critical vulnerability that could allow malicious extensions to hijack the browser's privileges and access system resources. The bug, tracked as CVE-2026-0628, was uncovered by researchers at Palo Alto Networks' Unit 42 who found that rogue Chrome extensions could manipulate how the browser handled requests to the embedded Gemini Live side panel.
The Gemini Live AI panel is not just a chatbot bolted onto a tab; it's tightly integrated into the browser to grab screenshots, read local files, and turn on your camera or microphone when asked. This level of integration provides an unprecedented amount of access to system resources that an extension would not normally have. The researchers discovered that a malicious extension could use this vulnerability to intercept and tamper with traffic headed for the Gemini panel, slipping its own JavaScript into a far more trusted part of the browser.
"The Gemini app relies on performing actions for legitimate purposes," said Gal Weizman, security researcher at Palo Alto Networks. "Hijacking the Gemini panel allows privileged access to system resources that an extension would not normally have." This means that a malicious extension could have turned on a webcam or microphone, sifted through local files, taken screenshots, or slipped phishing messages into what appears to be a legitimate Gemini panel.
The researchers at Unit 42 found that this vulnerability was exploitable by manipulating the way Chrome handles extension network rules. By exploiting this flaw, a malicious add-on with fairly standard permissions could intercept and tamper with traffic headed for the Gemini panel, stepping well beyond the permissions add-ons are supposed to have. This is a sobering reminder of how deeply integrating AI features with core software can quietly reshape the browser's threat model.
The discovery of this bug comes after analyst firm Gartner advised most organizations to avoid so-called "agentic" browsers, arguing that AI-driven automation with deep system hooks introduces risks that outweigh the productivity upside for many enterprises. The news also follows fresh evidence that attackers are already experimenting with generative AI inside their tooling. In February, researchers detailed Android malware that tapped Google's Gemini model at runtime to help interpret screenshots and automate on-device actions.
Google fixed the bug in early January, shipping patches in Chrome 143.0.7499.192 and 143.0.7499.193 for desktop via a Stable Channel update. The hole was closed before Unit 42 went public, and anyone on a current version is covered. While this means that users are now protected from the vulnerability, it also serves as a reminder of how critical it is to keep software up-to-date.
The discovery of this bug highlights the importance of being careful about who else might get their hands on an AI-powered tool, especially when those tools provide unprecedented levels of access to system resources. Browser makers have tried to keep extensions boxed in so one bad download can't poke around your system, but the more power you give software in the name of convenience, the more careless you become.
The researchers at Unit 42 demonstrated that this vulnerability was not a minor issue but a high-severity bug that exposed an attacker to a lot of power. In effect, malicious extensions could have used this vulnerability to do anything they wanted, from turning on webcams or microphones to accessing sensitive files and tampering with system settings.
This discovery also comes at a time when researchers are already exploring the potential for generative AI in various contexts. The fact that attackers are experimenting with these tools suggests that their use is becoming increasingly widespread. As such, it's more important than ever that organizations take steps to protect themselves against these types of threats.
In conclusion, the discovery of this bug serves as a reminder of how critical it is to keep software up-to-date and to be careful about who else might get their hands on an AI-powered tool. The vulnerability exposed by Unit 42 highlights the importance of being mindful of the permissions we grant our extensions and the risks associated with giving them too much power.
Related Information:
https://www.ethicalhackingnews.com/articles/A-High-Severity-Bug-in-Google-Chromes-Gemini-Live-AI-Panel-Exposes-Extensions-to-System-Resources-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2026/03/03/google_chrome_bug_gemini/
https://www.theregister.com/2026/03/03/google_chrome_bug_gemini/?td=keepreading
https://vulert.com/blog/chrome-cve-2026-0628-gemini-panel-privilege/
https://nvd.nist.gov/vuln/detail/CVE-2026-0628
https://www.cvedetails.com/cve/CVE-2026-0628/
Published: Tue Mar 3 07:20:13 2026 by llama3.2 3B Q4_K_M
