
    New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel

    By Declan Murphy, March 2, 2026
    Ravie LakshmananMar 02, 2026Vulnerability / Synthetic Intelligence

    Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system.

    The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8.8), has been described as a case of insufficient policy enforcement in the WebView tag. It was patched by Google in early January 2026 in version 143.0.7499.192/.193 for Windows/Mac and 143.0.7499.192 for Linux.

    “Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome extension,” according to a description in the NIST National Vulnerability Database (NVD).

    Palo Alto Networks Unit 42 researcher Gal Weizman, who discovered and reported the flaw on November 23, 2025, said the issue could have permitted malicious extensions with basic permissions to seize control of the new Gemini Live panel in Chrome. The panel can be launched by clicking the Gemini icon located at the top of the browser window. Google added Gemini integration to Chrome in September 2025.

    This attack could have been abused by an attacker to achieve privilege escalation, enabling them to access the victim’s camera and microphone without their permission, take screenshots of any website, and access local files.

    The findings highlight an emerging attack vector arising from baking artificial intelligence (AI) and agentic capabilities directly into web browsers to facilitate real-time content summarization, translation, and automated task execution, as the same capabilities could be abused to perform privileged actions.

    The problem, at its core, is the need to grant these AI agents privileged access to the browsing environment to perform multi-step operations, which becomes a double-edged sword when an attacker embeds hidden prompts in a malicious web page and a victim is tricked into accessing it via social engineering or some other means.

    The prompt could instruct the AI assistant to perform actions that would otherwise be blocked by the browser, leading to data exfiltration or code execution. Even worse, the web page could manipulate the agent to store the instructions in memory, causing them to persist across sessions.

    Besides the expanded attack surface, Unit 42 said the integration of an AI side panel in agentic browsers brings back classic browser security risks.

    “By placing this new component within the high-privilege context of the browser, developers could inadvertently create new logical flaws and implementation weaknesses,” Weizman said. “This could include vulnerabilities related to cross-site scripting (XSS), privilege escalation, and side-channel attacks that can be exploited by less-privileged websites or browser extensions.”

    While browser extensions operate based on a defined set of permissions, successful exploitation of CVE-2026-0628 undermines the browser security model and allows an attacker to run arbitrary code at “gemini.google[.]com/app” via the browser panel and gain access to sensitive data.

    “An extension with access to a basic permission set through the declarativeNetRequest API allowed permissions that could have enabled an attacker to inject JavaScript code into the new Gemini panel,” Weizman added. “When the Gemini app is loaded within this new panel component, Chrome hooks it with access to powerful capabilities.”

    It is worth noting that the declarativeNetRequest API allows extensions to intercept and change properties of HTTPS web requests and responses. It is used by ad-blocking extensions to stop issuing requests to load ads on web pages.

    In other words, all it takes for an attacker is to trick an unsuspecting user into installing a specially crafted extension, which can then inject arbitrary JavaScript code into the Gemini side panel to interact with the file system, take screenshots, access the camera, and turn on the microphone – all features necessary for the AI assistant to perform its tasks.

    “This difference in what type of component loads the Gemini app is the line between by-design behavior and a security flaw,” Unit 42 said. “An extension influencing a website is expected. However, an extension influencing a component that is baked into the browser is a serious security risk.”
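
    For defenders, the two facts above that can be checked on a fleet are the fixed build number and which installed extensions pair a declarativeNetRequest permission with host access covering the Gemini app. The following triage helper is an added example, not code from Chrome, Google or Unit 42; the function names and sample manifests are constructed, and a flagged extension is only a candidate for review (ordinary ad blockers match too).

```javascript
// Added triage example; not code from Chrome, Google, or Unit 42.
const FIXED_BUILD = "143.0.7499.192";   // first fixed build named in the article
const PANEL_HOST = "gemini.google.com"; // host the article names (defanged there)
const DNR_PERMS = new Set(["declarativeNetRequest", "declarativeNetRequestWithHostAccess"]);

// Compare dotted build numbers numerically; returns -1, 0 or 1.
function compareVersions(a, b) {
  const [pa, pb] = [a, b].map((v) => v.split(".").map(Number));
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}
const isPatched = (version) => compareVersions(version, FIXED_BUILD) >= 0;

// True when an extension match pattern covers https://<host>/.
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|[a-z]+):\/\/([^/]*)\//.exec(pattern);
  if (!m || (m[1] !== "*" && m[1] !== "https")) return false;
  if (m[2] === "*") return true;
  if (m[2].startsWith("*.")) {
    const base = m[2].slice(2);
    return host === base || host.endsWith("." + base);
  }
  return m[2] === host;
}

// Flag a manifest for human review: a heuristic, not proof of malice.
function auditManifest(manifest) {
  const perms = [...(manifest.permissions || []), ...(manifest.optional_permissions || [])];
  // Manifest V2 lists host patterns under "permissions"; V3 uses host_permissions.
  const patterns = [...perms, ...(manifest.host_permissions || []),
    ...(manifest.optional_host_permissions || [])];
  const dnr = perms.filter((p) => DNR_PERMS.has(p));
  const hosts = patterns.filter((p) => patternCoversHost(p, PANEL_HOST));
  return { name: manifest.name, dnr, hosts, review: dnr.length > 0 && hosts.length > 0 };
}

// Constructed sample manifests (not real extensions).
const SAMPLE_MANIFESTS = [
  { name: "Constructed Ad Filter", permissions: ["declarativeNetRequest", "storage"], host_permissions: ["<all_urls>"] },
  { name: "Constructed Notes", permissions: ["storage"], host_permissions: ["https://gemini.google.com/*"] },
  { name: "Constructed Site Helper", permissions: ["declarativeNetRequestWithHostAccess"], host_permissions: ["https://example.com/*"] },
];

function triage(chromeVersion, manifests) {
  const review = manifests.map(auditManifest).filter((r) => r.review).map((r) => r.name);
  return { patched: isPatched(chromeVersion), review };
}
```

    On a browser at or above the fixed build the review list is still useful as an inventory, but the priority is getting unpatched hosts updated.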
