New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel

akid95
5 days ago
3 min read

The rise of AI-integrated browsers has introduced new convenience and new risks. In early 2026, researchers from Palo Alto Networks Unit 42 and multiple cybersecurity outlets disclosed a high-severity vulnerability in Google Chrome’s Gemini Live AI assistant, tracked as CVE-2026-0628. The flaw allowed seemingly low-permission extensions to bypass Chrome’s built-in privilege boundaries, giving attackers access to sensitive system resources like files, camera, microphone, and screenshots. While the AI side panel was designed to help users automate tasks and contextualize browsing, the incident highlights the growing complexity of securing agentic browser features that consolidate high-level capabilities in a single interface.

How Malicious Extensions Exploit AI Features

At the heart of CVE-2026-0628 is insufficient policy enforcement. Normally, Chrome isolates extensions from sensitive internal components. Gemini Live’s integration, however, created a loophole which is malicious extensions could inject scripts into a privileged AI context. This meant that a plugin requiring minimal permissions could suddenly access APIs and data it shouldn’t. Attackers could retrieve local files, capture browser sessions, interact with hardware, and manipulate privileged UI elements. By exploiting the AI panel’s broader access, the vulnerability transformed otherwise low-impact extensions into powerful intrusion tools.

Google’s Gemini Live in Chrome browser AI assistant

The Role of Social Engineering in Extension Attacks

Exploitation required only that a user install a malicious extension. It could appear legitimate and request no sensitive permissions, making it difficult to detect. Extensions could be obtained from the Chrome Web Store, side-loaded during development, or distributed through social engineering campaigns. Once present, the extension could trigger the exploit automatically, with no further user interaction. The combination of trusted extension models and AI-enabled privileges makes the attack particularly stealthy, as traditional warning prompts or permission checks are bypassed entirely.

Why AI-Powered Browsers Amplify Risk

AI-integrated features like Gemini Live inherently aggregate powerful capabilities under one context. This consolidation increases both the attack surface and the potential impact of even minor logic flaws. With access to camera, microphone, files, and browsing data, attackers could perform real-time surveillance, steal credentials, capture session tokens, and compromise SaaS accounts. The incident highlights a broader trend: as browsers become “smarter” and more agentic, securing privilege boundaries becomes not just a best practice, but a critical necessity.

The Consequences Extend Beyond the Browser

While the technical vulnerability exists in Chrome, the impact goes further. Stolen session data and authentication tokens can lead to credential compromise, account takeover, and exposure of sensitive enterprise documents. Even in personal devices, attackers could monitor activity, capture personal files, or use the system as a pivot point for additional attacks. The stealthy nature of extension-based exploits means users and organizations may remain unaware until secondary abuse occurs, underscoring the persistent danger of AI feature vulnerabilities.

Mitigating Extension-Based AI Risks

Patch management is the first line of defense. Google released fixes in Chrome 143.0.7499.192/.193, and ensuring that all systems are updated is critical. Organizations should also enforce strict extension policies, disable side-loading where unnecessary, and audit installed extensions regularly. Browser hardening, including restricting AI panel features and limiting access to camera, microphone, and files, reduces exposure. Behavioral monitoring can detect abnormal child processes, suspicious hardware activation, and anomalous file access. Finally, strong identity controls, such as multi-factor authentication and reduced session token lifetimes, limit downstream exploitation.

Lessons for AI-Integrated Security

CVE-2026-0628 underscores a broader challenge: AI features centralize power and complexity in ways that legacy security models struggle to contain. Vulnerabilities in agentic browsers can transform seemingly benign extensions into powerful attack vectors. Security strategies must therefore combine patching, extension governance, behavioral monitoring, and identity protection. Human factors such as extension installation decisions remain as important as technical controls.

As AI continues to integrate deeply into browsing and enterprise workflows, the risk landscape is evolving. Threat actors exploit both technology and trust, emphasizing the need for layered defenses that anticipate not just technical exploits, but the human behaviors that enable them. In an age of intelligent browsers, privilege boundaries are only as strong as the policies, oversight, and awareness surrounding them.