Cybersecurity researchers have disclosed particulars of a now-patched safety flaw in Google Chrome that would have permitted attackers to escalate privileges and achieve entry to native recordsdata on the system.
The vulnerability, tracked as CVE-2026-0628 (CVSS rating: 8.8), has been described as a case of inadequate coverage enforcement within the WebView tag. It was patched by Google in early January 2026 in model 143.0.7499.192/.193 for Home windows/Mac and 143.0.7499.192 for Linux.
“Inadequate coverage enforcement in WebView tag in Google Chrome previous to 143.0.7499.192 allowed an attacker who satisfied a consumer to put in a malicious extension to inject scripts or HTML right into a privileged web page through a crafted Chrome extension,” based on an outline on the NIST Nationwide Vulnerability Database (NVD).
Palo Alto Networks Unit 42 researcher Gal Weizman, who found and reported the flaw on November 23, 2025, stated the difficulty might have permitted malicious extensions with fundamental permissions to grab management of the brand new Gemini Reside panel in Chrome. The panel could be launched by clicking the Gemini icon positioned on the high of the browser window. Google added Gemini integration to Chrome in September 2025.
This assault might have been abused by an attacker to attain privilege escalation, enabling them to entry the sufferer’s digicam and microphone with out their permission, take screenshots of any web site, and entry native recordsdata.
The findings spotlight an rising assault vector arising from baking synthetic intelligence (AI) and agentic capabilities instantly into net browsers to facilitate real-time content material summarization, translation, and automatic process execution, as the identical capabilities might be abused to carry out privileged actions.
The issue, at its core, is the necessity for granting these AI brokers privileged entry to the searching atmosphere to carry out multi-step operations, thereby changing into a double-edged sword when an attacker embeds hidden prompts in a malicious net web page, and a sufferer consumer is tricked into accessing it through social engineering or another means.
The immediate might instruct the AI assistant to carry out actions that might in any other case be blocked by the browser, resulting in information exfiltration or code execution. Even worse, the net web page might manipulate the agent to retailer the directions in reminiscence, inflicting it to persist throughout classes.
Apart from the expanded assault floor, Unit 42 stated the combination of an AI facet panel in agentic browsers brings again basic browser safety dangers.
“By putting this new part inside the high-privilege context of the browser, builders might inadvertently create new logical flaws and implementation weaknesses,” Weizman stated. “This might embody vulnerabilities associated to cross-site scripting (XSS), privilege escalation, and side-channel assaults that may be exploited by less-privileged web sites or browser extensions.”
Whereas browser extensions function based mostly on an outlined set of permissions, profitable exploitation of CVE-2026-0628 undermines the browser safety mannequin and permits an attacker to run arbitrary code at “gemini.google[.]com/app” through the browser panel and achieve entry to delicate information.
“An extension with entry to a fundamental permission set via the declarativeNetRequest API allowed permissions that would have enabled an attacker to inject JavaScript code into the brand new Gemini panel,” Weizman added. “When the Gemini app is loaded inside this new panel part, Chrome hooks it with entry to highly effective capabilities.”
It is price noting that the declarativeNetRequest API permits extensions to intercept and alter properties of HTTPS net requests and responses. It is utilized by ad-blocking extensions to cease issuing requests to load adverts on net pages.
In different phrases, all it takes for an attacker is to trick an unsuspecting consumer into putting in a specifically crafted extension, which might then inject arbitrary JavaScript code into the Gemini facet panel to work together with the file system, take screenshots, entry the digicam, activate the microphone – all options essential for the AI assistant to carry out its duties.
“This distinction in what kind of part masses the Gemini app is the road between by-design habits and a safety flaw,” Unit 42 stated. An extension influencing an internet site is anticipated. Nonetheless, an extension influencing a part that’s baked into the browser is a severe safety danger.”
