"By granting the AI direct, privileged access to the browsing environment, AI browsers are capable of performing complex, multi-step operations that were previously impossible or required several extensions and manual steps. To function as intended, the AI essentially sees what the user sees on the screen and uses the web page for context and instructions, and this expanded capability and privileged access open the door to new risks."
"The vulnerability that Palo Alto Networks uncovered, tracked as CVE-2026-0628 and patched in January in Chrome 143, could have allowed malicious browser extensions to inject JavaScript code into the Gemini Live panel. The malicious extension would require access to a permission set through the declarativeNetRequests API, which allows extensions to intercept and alter HTTPS web requests and responses."
"CVE-2026-0628 impacted the ability to interact with the contents loaded within the Gemini panel, meaning that JavaScript code would gain access to the AI's capabilities. These include being able to read local files, take screenshots, access the camera and microphone and more, so the app could perform complex tasks."
Chrome's Gemini Live AI assistant was vulnerable to exploitation through malicious browser extensions. The vulnerability, CVE-2026-0628, allowed extensions with declarativeNetRequests API permissions to inject JavaScript code into the Gemini Live panel. This granted attackers access to the AI's privileged capabilities, including reading local files, taking screenshots, and accessing camera and microphone functions. The vulnerability stemmed from Gemini Live's design, which requires direct access to the browsing environment to perform complex multi-step operations and provide contextual understanding of webpages. Google patched this vulnerability in Chrome 143 in January.
#chrome-security-vulnerability #gemini-live-ai-assistant #malicious-browser-extensions #data-exfiltration-risk #cve-2026-0628
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]