{"data":{"id":"1f539efe-0a11-4af4-a8a7-7d18cdf91cb5","title":"Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel","summary":"A high-severity vulnerability (CVE-2026-0628) in Google Chrome's Gemini AI feature allowed malicious extensions with basic permissions to hijack the Gemini panel and gain unauthorized access to sensitive resources like the camera, microphone, screenshots, and local files. Google released a fix in early January 2026, and the vulnerability highlights how integrating AI directly into browsers creates new security risks when AI components have overly broad access to the browser environment.","solution":"Google released a fix in early January 2026. Additionally, Palo Alto Networks' Prisma Browser is mentioned as a product designed to prevent extension-based attacks like this vulnerability.","labels":["security"],"sourceUrl":"https://unit42.paloaltonetworks.com/gemini-live-in-chrome-hijacking/","publishedAt":"2026-03-02T11:00:36.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":[],"issueType":"news","affectedPackages":null,"affectedVendors":["Google"],"affectedVendorsRaw":["Google Chrome","Gemini Live in Chrome","Google Gemini"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}