Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel
Summary
A high-severity vulnerability (CVE-2026-0628) in Google Chrome's Gemini AI feature allowed malicious extensions with only basic permissions to hijack the Gemini panel and gain unauthorized access to sensitive resources such as the camera, microphone, screenshots, and local files. Google released a fix in early January 2026. The vulnerability highlights how integrating AI directly into browsers creates new security risks when AI components have overly broad access to the browser environment.
Solution / Mitigation
Google released a fix in early January 2026. The original source also mentions Palo Alto Networks' Prisma Browser as a product designed to prevent extension-based attacks such as this one.
Original source: https://unit42.paloaltonetworks.com/gemini-live-in-chrome-hijacking/
First tracked: March 2, 2026 at 07:00 AM