Cybersecurity researchers have disclosed particulars of a now-patched security flaw in Google Chrome that might have permitted attackers to escalate privileges and acquire entry to native recordsdata on the system.
The vulnerability, tracked as CVE-2026-0628 (CVSS rating: 8.8), has been described as a case of inadequate coverage enforcement within the WebView tag. It was patched by Google in early January 2026 in model 143.0.7499.192/.193 for Home windows/Mac and 143.0.7499.192 for Linux.
“Inadequate coverage enforcement in WebView tag in Google Chrome previous to 143.0.7499.192 allowed an attacker who satisfied a person to put in a malicious extension to inject scripts or HTML right into a privileged web page through a crafted Chrome extension,” in keeping with an outline on the NIST Nationwide Vulnerability Database (NVD).
Palo Alto Networks Unit 42 researcher Gal Weizman, who found and reported the flaw on November 23, 2025, mentioned the problem might have permitted malicious extensions with primary permissions to grab management of the brand new Gemini Dwell panel in Chrome. The panel will be launched by clicking the Gemini icon situated on the prime of the browser window. Google added Gemini integration to Chrome in September 2025.
This assault might have been abused by an attacker to realize privilege escalation, enabling them to entry the sufferer’s digicam and microphone with out their permission, take screenshots of any web site, and entry native recordsdata.
The findings spotlight an rising assault vector arising from baking synthetic intelligence (AI) and agentic capabilities instantly into internet browsers to facilitate real-time content material summarization, translation, and automatic process execution, as the identical capabilities might be abused to carry out privileged actions.
The issue, at its core, is the necessity for granting these AI brokers privileged entry to the shopping surroundings to carry out multi-step operations, thereby turning into a double-edged sword when an attacker embeds hidden prompts in a malicious internet web page, and a sufferer person is tricked into accessing it through social engineering or another means.
The immediate might instruct the AI assistant to carry out actions that will in any other case be blocked by the browser, resulting in knowledge exfiltration or code execution. Even worse, the net web page might manipulate the agent to retailer the directions in reminiscence, inflicting it to persist throughout periods.
In addition to the expanded assault floor, Unit 42 mentioned the combination of an AI facet panel in agentic browsers brings again traditional browser security dangers.
“By inserting this new part inside the high-privilege context of the browser, builders might inadvertently create new logical flaws and implementation weaknesses,” Weizman mentioned. “This might embrace vulnerabilities associated to cross-site scripting (XSS), privilege escalation, and side-channel assaults that may be exploited by less-privileged web sites or browser extensions.”
Whereas browser extensions function based mostly on an outlined set of permissions, profitable exploitation of CVE-2026-0628 undermines the browser security mannequin and permits an attacker to run arbitrary code at “gemini.google[.]com/app” through the browser panel and acquire entry to delicate knowledge.
“An extension with entry to a primary permission set by way of the declarativeNetRequest API allowed permissions that might have enabled an attacker to inject JavaScript code into the brand new Gemini panel,” Weizman added. “When the Gemini app is loaded inside this new panel part, Chrome hooks it with entry to highly effective capabilities.”
It is value noting that the declarativeNetRequest API permits extensions to intercept and alter properties of HTTPS internet requests and responses. It is utilized by ad-blocking extensions to cease issuing requests to load adverts on internet pages.
In different phrases, all it takes for an attacker is to trick an unsuspecting person into putting in a specifically crafted extension, which might then inject arbitrary JavaScript code into the Gemini facet panel to work together with the file system, take screenshots, entry the digicam, activate the microphone – all options vital for the AI assistant to carry out its duties.
“This distinction in what kind of part hundreds the Gemini app is the road between by-design conduct and a security flaw,” Unit 42 mentioned. An extension influencing a web site is anticipated. Nonetheless, an extension influencing a part that’s baked into the browser is a critical security danger.”
