
A dangerous vulnerability has been discovered in the Chrome browser, affecting its Gemini AI assistant feature. Security experts have warned that attackers could exploit the flaw through malicious extensions to spy on users or steal sensitive data. Thankfully, Google has already released a fix, but users must update Chrome immediately to remain protected from potential exploitation.
Google patches a severe vulnerability affecting Gemini AI on the Chrome browser
Security researchers from Palo Alto Networks’ Unit 42 recently uncovered the vulnerability, which is tracked as CVE-2026-0628. The issue affects the Chrome browser’s Gemini AI feature, an agentic assistant designed to help users complete tasks, search for information, and automate workflows. According to the report, the vulnerability stems from insufficient policy enforcement within the WebView tag used by the Gemini panel inside the browser.
In Chrome versions older than 143.0.7499.192, attackers could exploit this flaw by convincing a user to install a seemingly harmless extension. Once installed, the extension could inject malicious scripts or HTML into the browser page and manipulate the Gemini panel. This could potentially allow the attackers to access sensitive system resources that extensions are not normally allowed to reach.
Attackers could potentially use the exploit to steal data
If exploited, the vulnerability could allow attackers to hijack Gemini’s capabilities and, worse, perform actions without user consent. Security researchers say that attackers could access webcams or microphones, take screenshots, read local files, or launch phishing attacks. Since Gemini is designed to act on behalf of users, a compromised AI assistant could significantly expand the attacker’s reach inside the browser.
Thankfully, Google has fixed the vulnerability in Chrome versions 143.0.7499.192 and 143.0.7499.193 for Windows and macOS, with a similar patch for Linux. Users are strongly advised to install the latest update as soon as it appears in the browser’s update notification. In most cases, the browser will automatically download and install the update. However, for added assurance, users are advised to check for the update manually.
The post Critical Gemini Vulnerability on Chrome Browser Lets Malicious Extensions Spy on Users appeared first on Android Headlines.