New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel
Summary
Google Chrome had a security flaw, CVE-2026-0628 (CVSS score 8.8; CVSS rates vulnerability severity from 0 to 10), that allowed malicious browser extensions to gain unauthorized access to the Gemini Live panel, a built-in AI assistant, and perform privileged actions such as accessing cameras, microphones, and local files. The vulnerability was caused by insufficient policy enforcement in the WebView tag (a component that displays web content), which let attackers inject malicious code into pages that should have been protected.
Solution / Mitigation
Google patched the vulnerability in Chrome version 143.0.7499.192/.193 for Windows/Mac and 143.0.7499.192 for Linux in early January 2026.
Original source: https://thehackernews.com/2026/03/new-chrome-vulnerability-let-malicious.html
First tracked: March 2, 2026 at 07:00 PM