Google Gemini AI in Chrome security update (CVE-2026-0628)
Security Patch Release
Summary
Hide ▲
Show ▼
Google patched CVE-2026-0628 in Gemini AI in Chrome, closing a high-severity browser side-panel flaw that could let malicious extensions reach the camera, microphone, screenshots, and local files. The issue mattered because the vulnerable component sat inside a privileged Gemini panel that could act on browser and system resources. Researchers demonstrated the abuse path in October, and Google fixed it in early January 2026 after reproducing the exploit conditions.
Related Happenings
Google Chrome 149 security update
Security Patch Release
H score28
First: 12.06.2026 12:27
Last: 12.06.2026 12:27
Sources 1
About this happening:
Google rolled out **Chrome 149** for **Windows, macOS, and Linux**, resolving **28 critical and high-severity vulnerabilities**. The update reduces risk from browser compromise, m...
Google Chrome 149 security update
Security Patch ReleaseAbout this happening: Google rolled out **Chrome 149** for **Windows, macOS, and Linux**, resolving **28 critical and high-severity vulnerabilities**. The update reduces risk from browser compromise, m...
Google security patch release for CVE-2026-11645
Security Patch Release
H score56
First: 09.06.2026 09:56
Last: 09.06.2026 09:56
Sources 1
About this happening:
**Google** released **emergency Chrome updates** to fix **CVE-2026-11645**, a **zero-day** that had already been **exploited in the wild**. The patched release covers **Chrome Sta...
Google security patch release for CVE-2026-11645
Security Patch ReleaseAbout this happening: **Google** released **emergency Chrome updates** to fix **CVE-2026-11645**, a **zero-day** that had already been **exploited in the wild**. The patched release covers **Chrome Sta...
Google security patch release for CVE-2026-10881
Security Patch Release
H score26
First: 06.06.2026 10:28
Last: 06.06.2026 10:28
Sources 1
About this happening:
Google shipped **Chrome 149** with patches for **429 security bugs**, including **CVE-2026-10881** in **ANGLE**, creating a broad browser update for users on **Linux, Windows, and...
Google security patch release for CVE-2026-10881
Security Patch ReleaseAbout this happening: Google shipped **Chrome 149** with patches for **429 security bugs**, including **CVE-2026-10881** in **ANGLE**, creating a broad browser update for users on **Linux, Windows, and...
ExploitBench benchmark shows frontier AI models can stage Chrome exploit chains against vulnerable V8 builds
Technical Analysis
H score16
First: 04.06.2026 16:00
Last: 04.06.2026 16:00
Sources 1
About this happening:
Bugcrowd’s **ExploitBench** now shows frontier AI models can progress through staged **Google Chrome** exploit chains, raising the risk of faster **AI-assisted exploit development...
ExploitBench benchmark shows frontier AI models can stage Chrome exploit chains against vulnerable V8 builds
Technical AnalysisAbout this happening: Bugcrowd’s **ExploitBench** now shows frontier AI models can progress through staged **Google Chrome** exploit chains, raising the risk of faster **AI-assisted exploit development...
Google Gemini on Android notification-injection bypass using Fake Context Alignment
Technical Analysis
H score16
First: 03.06.2026 22:11
Last: 03.06.2026 22:11
Sources 1
About this happening:
Researchers found a **notification-based prompt-injection bypass** in **Google Gemini on Android** that could turn hostile notification text into **unauthorized assistant actions*...
Google Gemini on Android notification-injection bypass using Fake Context Alignment
Technical AnalysisAbout this happening: Researchers found a **notification-based prompt-injection bypass** in **Google Gemini on Android** that could turn hostile notification text into **unauthorized assistant actions*...
Timeline
-
02.03.2026 19:08 1 articles · 4mo ago
Google security patch release for CVE-2026-0628
Initial DisclosureIn **early January 2026**, Google issued a Chrome update to fix **CVE-2026-0628** after researchers identified a privilege-escalation flaw in the browser’s **WebView tag**. The release covered **Windows, Mac, and Linux** builds and closed the path used by malicious extensions to reach privileged browser functionality.
Show sources
- New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel — thehackernews.com — 02.03.2026 19:08
-
02.03.2026 12:27 2 articles · 4mo ago
Google patches Gemini AI in Chrome flaw CVE-2026-0628
Mitigation Patch UpdateGoogle fixed CVE-2026-0628 in Gemini AI in Chrome after Palo Alto Networks Unit 42 showed that a malicious extension with only basic permissions could hijack the privileged Gemini side panel to escalate privileges and access the victim's camera and microphone without consent, take screenshots, and read local files and directories. Researchers said the abuse path was demonstrated in October and that Google reproduced the exploit conditions before patching the flaw in early January 2026.
Show sources
- Bug in Google's Gemini AI Panel Opens Door to Hijacking — www.darkreading.com — 02.03.2026 12:27
- New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel — thehackernews.com — 02.03.2026 19:08