Vulnerability Allowed Hijacking Chrome's Gemini Live AI Assistant – Cyber Tech

A vulnerability in Chrome could have allowed malicious extensions to hijack the browser's AI assistant to spy on users and exfiltrate data, Palo Alto Networks reports.

Chrome's side-panel AI assistant, known as Gemini Live, was designed to help users by summarizing content in real time, automatically executing specific tasks, and assisting with contextual understanding of the active webpage.

"By granting the AI direct, privileged access to the browsing environment, AI browsers are capable of performing complex, multi-step operations that were previously impossible or required multiple extensions and manual steps," Palo Alto Networks explains.

To function as intended, the AI essentially sees what the user sees on the screen and uses the web page for context and instructions. This expanded capability and privileged access open the door to new risks.

The vulnerability that Palo Alto Networks discovered, tracked as CVE-2026-0628 and patched in January in Chrome 143, could have allowed malicious browser extensions to inject JavaScript code into the Gemini Live panel.

The malicious extension, the cybersecurity firm explains, would require a permission granted via the declarativeNetRequest API, which lets extensions intercept and modify HTTPS web requests and responses.


The capability is intended for legitimate purposes, such as blocking malicious or intrusive requests, and by default it also applies to content originating from Gemini and loaded in the site's tab.

CVE-2026-0628, Palo Alto Networks says, affected the ability to interact with the contents loaded inside the Gemini panel, meaning that injected JavaScript code would gain access to the AI's capabilities.

"These include being able to read local files, take screenshots, access the camera and microphone and more, so the app can perform complex tasks. Being able to intercept it under that setting would have allowed attackers to gain access to these powers too," Palo Alto Networks explains.

Because the Gemini Live panel is a component of the browser itself, an attacker could have injected code to start the camera and microphone without user consent, access local files, take screenshots of browser tabs, and hijack the panel to carry out a phishing attack.

"Since the Gemini app relies on performing actions for legitimate purposes, hijacking the Gemini panel allows privileged access to system resources that an extension wouldn't normally have," Palo Alto Networks explains.

The cybersecurity firm reported the bug to Google in October. A fix was rolled out in Chrome versions 143.0.7499.192/.193 for Windows and macOS, and Chrome version 143.0.7499.192 for Linux.
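Two checks a practitioner would want after reading the permission paragraph above and the fix versions just cited, as an added example (this is not code from the article, Palo Alto Networks or Google): first, whether a Chrome build is at or past the fixed version; second, which installed extension manifests combine the declarativeNetRequest permission the article names with host access covering the Gemini origin. The Gemini URL, the relevance of host patterns, and the sample manifests are assumptions and constructed data for illustration; the article only names the permission.

```javascript
// Added example (not from the article, Palo Alto Networks or Google).
// Fix versions cited in the article: Linux 143.0.7499.192, Windows/macOS .192/.193.
const FIXED_VERSION = "143.0.7499.192";

// Compare dotted version strings numerically, component by component.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  const n = Math.max(pa.length, pb.length);
  for (let i = 0; i < n; i++) {
    const x = pa[i] ?? 0;
    const y = pb[i] ?? 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// True when the reported Chrome version (see chrome://version) carries the fix.
function isPatched(chromeVersion) {
  return compareVersions(chromeVersion, FIXED_VERSION) >= 0;
}

function escapeRe(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Convert a Chrome extension match pattern ("*://*.google.com/*", "<all_urls>")
// into a RegExp. Only the scheme://host/path form is handled here.
function matchPatternToRegExp(pattern) {
  if (pattern === "<all_urls>") return /^(https?|file|ftp):\/\//;
  const m = /^(\*|https?|file|ftp):\/\/(\*|\*\.[^/*]+|[^/*]+)(\/.*)$/.exec(pattern);
  if (!m) return null;
  const scheme = m[1] === "*" ? "https?" : m[1];
  let host;
  if (m[2] === "*") host = "[^/]+";
  else if (m[2].startsWith("*.")) host = "([^/]+\\.)?" + escapeRe(m[2].slice(2));
  else host = escapeRe(m[2]);
  const path = escapeRe(m[3]).replace(/\\\*/g, ".*");
  return new RegExp("^" + scheme + "://" + host + path + "$");
}

// Assumed representative Gemini URL; the article names the origin only as "Gemini".
const GEMINI_URL = "https://gemini.google.com/app";
const DNR_PERMISSIONS = ["declarativeNetRequest", "declarativeNetRequestWithHostAccess"];

// Does the manifest's host access (MV3 host_permissions, or MV2 match patterns
// listed under permissions) cover the given URL?
function hostAccessCovers(manifest, url) {
  const patterns = [...(manifest.host_permissions ?? []), ...(manifest.permissions ?? [])]
    .filter((p) => p === "<all_urls>" || p.includes("://"));
  return patterns.some((p) => {
    const re = matchPatternToRegExp(p);
    return re !== null && re.test(url);
  });
}

// Flag the combination the article describes: request-rewriting permission
// plus host access reaching Gemini content. Either alone is not flagged.
function auditManifest(manifest) {
  const hasDnr = (manifest.permissions ?? []).some((p) => DNR_PERMISSIONS.includes(p));
  const coversGemini = hostAccessCovers(manifest, GEMINI_URL);
  return { name: manifest.name, hasDnr, coversGemini, risky: hasDnr && coversGemini };
}

// Constructed sample manifests (not real extensions) to exercise the audit.
const SAMPLE_MANIFESTS = [
  { name: "Ad Blocker", manifest_version: 3,
    permissions: ["declarativeNetRequest"], host_permissions: ["<all_urls>"] },
  { name: "Tab Manager", manifest_version: 3,
    permissions: ["tabs", "storage"], host_permissions: ["*://*.google.com/*"] },
  { name: "Docs Helper", manifest_version: 3,
    permissions: ["declarativeNetRequestWithHostAccess"],
    host_permissions: ["*://docs.google.com/*"] },
];

// Names of the manifests that deserve a closer look.
function flaggedExtensions(manifests = SAMPLE_MANIFESTS) {
  return manifests.map(auditManifest).filter((r) => r.risky).map((r) => r.name);
}

console.log("Chrome 143.0.7499.100 patched:", isPatched("143.0.7499.100"));
console.log("Flagged extensions:", flaggedExtensions());
```

The manifest audit is a triage heuristic, not a detection of malice: ad blockers legitimately hold declarativeNetRequest with broad host access, which is exactly why the article calls the capability dual-use. The only real mitigation is the Chrome update; the version check is what confirms it landed.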

Related: Google Working Towards Quantum-Safe Chrome HTTPS Certificates

Related: PromptSpy Android Malware Abuses Gemini AI at Runtime for Persistence

Related: Over 300 Malicious Chrome Extensions Caught Leaking or Stealing User Data

Related: Chrome, Edge Extensions Caught Stealing ChatGPT Sessions
