Google Gemini AI in Chrome privilege escalation flaw (CVE-2026-0628)
Vulnerability
Summary
Hide ▲
Show ▼
Google has fixed CVE-2026-0628 in Gemini AI in Chrome, a high-severity flaw that let a malicious extension hijack the privileged Gemini side panel and expose user privacy and device resources. The weakness could let extensions with only basic permissions escalate privileges to access the victim's camera and microphone, take screenshots, and read local files and directories. Palo Alto Networks Unit 42 demonstrated the issue in October, and Google reproduced the exploit conditions before patching it in early January. The flaw matters because the affected panel sat inside a highly privileged browser component used by Chrome users.
Related Happenings
Chromium JavaScript background RCE flaw
Vulnerability
First: 21.05.2026 21:13
Last: 21.05.2026 21:13
Sources 1
About this happening:
The unfixed **Chromium** flaw keeps **JavaScript** running after the browser is closed, creating **remote code execution** risk across **Chromium-based browsers**. A malicious sit...
Chromium JavaScript background RCE flaw
VulnerabilityAbout this happening: The unfixed **Chromium** flaw keeps **JavaScript** running after the browser is closed, creating **remote code execution** risk across **Chromium-based browsers**. A malicious sit...
Google overhauls Android and Chrome bug bounty programs
Commercial Activity
First: 05.05.2026 14:24
Last: 05.05.2026 14:24
Sources 1
About this happening:
**Google** overhauls its **Android and Chrome** vulnerability rewards programs, reshaping payout tiers for **exploit research** and raising top rewards to **$1.5 million**. The ch...
Google overhauls Android and Chrome bug bounty programs
Commercial ActivityAbout this happening: **Google** overhauls its **Android and Chrome** vulnerability rewards programs, reshaping payout tiers for **exploit research** and raising top rewards to **$1.5 million**. The ch...
Google expands Gemini AI for malicious ad blocking on Google Ads
Security Tool/Service
First: 16.04.2026 18:24
Last: 16.04.2026 18:24
Sources 1
About this happening:
**Google** expanded **Gemini AI** use across its ad platforms to detect and block **malicious ads** in real time, reducing scam and malvertising exposure at scale. The move matter...
Google expands Gemini AI for malicious ad blocking on Google Ads
Security Tool/ServiceAbout this happening: **Google** expanded **Gemini AI** use across its ad platforms to detect and block **malicious ads** in real time, reducing scam and malvertising exposure at scale. The move matter...
108 Malicious Google Chrome extensions sharing a C2 backend
Malware Activity
First: 14.04.2026 11:35
Last: 14.04.2026 11:35
Sources 1
About this happening:
**108 malicious Google Chrome extensions** were found to use the same **C2 infrastructure** to steal credentials, sessions, and browsing data while injecting ads and arbitrary Jav...
108 Malicious Google Chrome extensions sharing a C2 backend
Malware ActivityAbout this happening: **108 malicious Google Chrome extensions** were found to use the same **C2 infrastructure** to steal credentials, sessions, and browsing data while injecting ads and arbitrary Jav...
Google Chrome 146 adds Device Bound Session Credentials to block session-cookie theft
Security Tool/Service
First: 09.04.2026 21:33
Last: 09.04.2026 21:33
Sources 1
About this happening:
Google has rolled out **Device Bound Session Credentials (DBSC)** in **Chrome 146 for Windows**, binding sessions to device hardware to blunt **infostealer malware** that steals s...
Google Chrome 146 adds Device Bound Session Credentials to block session-cookie theft
Security Tool/ServiceAbout this happening: Google has rolled out **Device Bound Session Credentials (DBSC)** in **Chrome 146 for Windows**, binding sessions to device hardware to blunt **infostealer malware** that steals s...
Timeline
-
02.03.2026 19:08 2 articles · 2mo ago
Unit 42 researcher discovers Chrome WebView tag flaw
Technical Analysis UpdatePalo Alto Networks Unit 42 researcher Gal Weizman discovered and reported CVE-2026-0628 in Google Chrome on November 23, 2025, identifying insufficient policy enforcement in the WebView tag that could let a malicious extension inject scripts or HTML into a privileged page and seize control of the Gemini Live panel.
Show sources
- New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel — thehackernews.com — 02.03.2026 19:08
- New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel — thehackernews.com — 02.03.2026 19:08
-
02.03.2026 19:08 1 articles · 2mo ago
Chrome flaw disclosed as now-patched with January 2026 fix
Initial DisclosureCybersecurity researchers publicly disclosed the now-patched Google Chrome flaw on March 2, 2026, noting that Google had fixed CVE-2026-0628 in early January 2026 in 143.0.7499.192/.193 for Windows/Mac and 143.0.7499.192 for Linux after the issue was shown to enable privilege escalation, arbitrary code execution at gemini.google[.]com/app, and access to local files and other sensitive browser capabilities.
Show sources
- New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel — thehackernews.com — 02.03.2026 19:08
-
02.03.2026 12:27 1 articles · 2mo ago
Google Gemini AI in Chrome privilege escalation flaw (CVE-2026-0628)
Initial DisclosureIn **October**, researchers demonstrated that a normal Chrome extension could hijack the privileged **Gemini side panel** through **CVE-2026-0628**. Google later reproduced the exploit conditions and patched the flaw in **early January**.
Show sources
- Bug in Google's Gemini AI Panel Opens Door to Hijacking — www.darkreading.com — 02.03.2026 12:27