Fyself News
New Chrome vulnerability allows malicious extension to escalate privileges via Gemini panel


Ravi Lakshmanan | March 2, 2026 | Vulnerability / Artificial Intelligence

Cybersecurity researchers have detailed a patched security flaw in Google Chrome that could allow an attacker to escalate privileges and access local files on the system.

The vulnerability is tracked as CVE-2026-0628 (CVSS score: 8.8) and is described as a case of insufficient policy enforcement in the WebView tag. Google patched it in early January 2026 in versions 143.0.7499.192/.193 for Windows/Mac and 143.0.7499.192 for Linux.

According to the NIST National Vulnerability Database (NVD), “Poor policy enforcement in the WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker to persuade a user to install a malicious extension and inject script or HTML to a privileged page via a crafted Chrome extension.”

Palo Alto Networks Unit 42 researcher Gal Weizman, who discovered and reported the flaw on November 23, 2025, said the issue could have allowed a malicious extension with basic permissions to seize control of Chrome’s new Gemini Live panel. This panel can be launched by clicking the Gemini icon at the top of your browser window. Google added Gemini integration to Chrome in September 2025.

An attacker could exploit the flaw for privilege escalation, gaining access to the victim’s camera or microphone without permission, taking screenshots of websites, or accessing local files.

The findings highlight new attack vectors that arise from building artificial intelligence (AI) and agent capabilities directly into web browsers. These capabilities are meant to facilitate real-time content summarization, translation, and automated task execution, but the same capabilities can be exploited to perform privileged actions.

The crux of the problem is that these AI agents must be granted privileged access to the browsing environment to perform multi-step operations, which becomes a double-edged sword if attackers embed hidden prompts in malicious web pages and victim users are tricked into accessing those web pages through social engineering or other means.

Such a prompt instructs the AI assistant to perform an action that the browser would otherwise block, potentially leading to data disclosure or code execution. Even worse, a web page can manipulate the agent into storing instructions in memory that persist across sessions.

In addition to expanding the attack surface, Unit 42 said the integration of AI side panels into agent-based browsers reintroduces classic browser security risks.

“By placing this new component within the highly privileged context of the browser, developers may inadvertently create new logical flaws and implementation weaknesses,” Weizman said. “This may include vulnerabilities related to cross-site scripting (XSS), privilege escalation, and side-channel attacks that can be exploited by low-privileged websites or browser extensions.”

Although browser extensions operate based on a defined set of permissions, successful exploitation of CVE-2026-0628 could compromise the browser’s security model and allow the attacker to execute arbitrary code on “gemini.google[.]com/app” via the browser panel to access sensitive data.

“An extension with access to a basic set of permissions through the declarativeNetRequest API allowed an attacker the ability to inject JavaScript code into the new Gemini panel,” Weizman added. “When a Gemini app loads inside this new panel component, Chrome hooks it to access powerful features.”

It’s worth noting that the declarativeNetRequest API allows extensions to intercept and modify properties of HTTPS web requests and responses. Ad-blocking extensions use it to block the requests that load ads on web pages.

In other words, all an attacker needs to do is trick an unsuspecting user into installing a specially crafted extension. The extension can then inject arbitrary JavaScript code into the Gemini side panel and use it to interact with the file system, take screenshots, access the camera, turn on the microphone, and do whatever else the AI assistant is permitted to do to perform its tasks.

“The difference in the type of component that loads a Gemini app is the line between a design behavior and a security flaw,” Unit 42 said. “Extensions that affect your website are expected. However, extensions that affect the browser’s built-in components pose a significant security risk.”
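
An added example (not from the article, Google, or Unit 42): a Node.js triage helper for defenders that checks whether a Chrome build is at or past the patched version named above, and flags extension manifests that pair a declarativeNetRequest permission with host access covering the Gemini app URL. The sample manifests are constructed, and the flagging rule is a review heuristic assumed here, not a signature of the exploit.

```javascript
// Added example: review heuristic for defenders; not Chrome or Unit 42 code.
const FIXED = "143.0.7499.192"; // patched build named in the article
const PANEL_URL = "https://gemini.google.com/app"; // panel URL named in the article
const DNR = ["declarativeNetRequest", "declarativeNetRequestWithHostAccess"];

// True when a dotted Chrome version is at or above the patched build.
function isPatched(version) {
  const a = version.split(".").map(Number);
  const b = FIXED.split(".").map(Number);
  for (let i = 0; i < b.length; i++) {
    if ((a[i] || 0) !== b[i]) return (a[i] || 0) > b[i];
  }
  return true;
}

const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
// Minimal Chrome match-pattern check: scheme://host/path with "*" and "*.domain" hosts.
function patternCovers(pattern, url) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?):\/\/(\*|[^/]+)(\/.*)$/.exec(pattern);
  if (!m) return false;
  const [, scheme, host, path] = m;
  const u = new URL(url);
  if (scheme !== "*" && scheme + ":" !== u.protocol) return false;
  if (host.startsWith("*.")) {
    const base = host.slice(2);
    if (u.hostname !== base && !u.hostname.endsWith("." + base)) return false;
  } else if (host !== "*" && host !== u.hostname) return false;
  const pathRe = new RegExp("^" + path.split("*").map(escapeRe).join(".*") + "$");
  return pathRe.test(u.pathname + u.search);
}

// Flag a manifest that pairs a declarativeNetRequest permission with host access to the panel URL.
function auditManifest(manifest) {
  const perms = manifest.permissions || [];
  // Manifest V2 lists host patterns inside "permissions"; V3 uses "host_permissions".
  const hosts = [...(manifest.host_permissions || []), ...perms.filter((p) => p.includes("://") || p === "<all_urls>")];
  const dnr = perms.filter((p) => DNR.includes(p));
  const covering = hosts.filter((h) => patternCovers(h, PANEL_URL));
  return { name: manifest.name, dnr, covering, review: dnr.length > 0 && covering.length > 0 };
}

// Constructed sample manifests (not real extensions).
const SAMPLES = [
  { name: "constructed-adblock", permissions: ["declarativeNetRequest", "storage"], host_permissions: ["<all_urls>"] },
  { name: "constructed-notes", permissions: ["storage"], host_permissions: ["https://*.google.com/*"] },
  { name: "constructed-shop", permissions: ["declarativeNetRequestWithHostAccess"], host_permissions: ["https://shop.example/*"] },
];
for (const m of SAMPLES) console.log(isPatched("143.0.7499.109"), JSON.stringify(auditManifest(m)));
```

A `review: true` result only means the extension deserves a closer look on a browser that has not yet been updated; many legitimate content blockers request the same combination.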

