Palo Alto Networks Unit 42 disclosed a high-severity Google Chrome vulnerability in the new Gemini Live in Chrome side panel, tracked as CVE-2026-0628, that could have allowed malicious browser extensions with only basic permissions to hijack the Gemini panel and effectively “tap into” the browser environment. The reported impact included privilege escalation enabling access to sensitive resources such as the victim’s camera and microphone, the ability to take screenshots of any website, and access to local files and directories. Unit 42 reported responsible disclosure to Google and stated that Google shipped a fix in early January ahead of public disclosure.
Dark Reading coverage echoed Unit 42’s findings, emphasizing that the flaw highlights emerging risks in agentic/AI-enabled browsers where AI side panels run with elevated capabilities, and that enterprise environments face amplified exposure if users install untrusted extensions. Separate reporting described unrelated supply-chain activity affecting developer and browser extensions: Socket reported suspicious, non-repository code added to Aqua Trivy’s VS Code extension on OpenVSX (versions 1.8.12/1.8.13) that attempted to invoke local AI coding assistants and exfiltrate/report data, while Rescana detailed a QuickLens Chrome extension takeover used for credential/crypto theft and a ClickFix social-engineering technique; these are distinct incidents from CVE-2026-0628 but reinforce the broader risk of extension ecosystems.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
3 events from the most recent confirmed update back to the earliest known activity.
Unit 42 published technical details for CVE-2026-0628, explaining how Chrome's handling of Gemini in a privileged panel let extensions abuse declarativeNetRequest or WebView policy gaps to hijack the panel. The disclosure highlighted risks including surveillance, phishing, and broader attack-surface expansion from agentic browser features.
Google patched the Gemini Live side-panel vulnerability in early January 2026, shipping fixes in Chrome 143.0.7499.192/.193 on desktop stable channels. The fix closed the privilege-escalation path that could have enabled access to screenshots, local files, camera, and microphone through a malicious extension.
Palo Alto Networks Unit 42 discovered CVE-2026-0628, a high-severity Chrome vulnerability that allowed low-permission extensions to inject code into the privileged Gemini Live side panel, and responsibly disclosed it to Google. Multiple reports place the disclosure on October 23, 2025.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
9 references tracked. Mallory keeps watching after this page renders.
helpnetsecurity.com
Open sourcescworld.com
Open sourcesecurityaffairs.com
Open sourcego.theregister.com
Open sourcethehackernews.com
Open sourcecybersecuritynews.com
Open sourceunit42.paloaltonetworks.com
Open sourcezdnet.com
Open sourcedarkreading.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.