Google Gemini AI in Chrome security update (CVE-2026-0628)

Security Patch Release
Happening score: 23
2 unique sources, 2 articles

Summary

Google patched CVE-2026-0628 in Gemini AI in Chrome, closing a high-severity browser side-panel flaw that could let malicious extensions reach the camera, microphone, screenshots, and local files. The issue mattered because the vulnerable component sat inside a privileged Gemini panel that could act on browser and system resources. Researchers demonstrated the abuse path in October, and Google fixed it in early January 2026 after reproducing the exploit conditions.

Timeline

  1. 02.03.2026 19:08 · 1 article

    Google security patch release for CVE-2026-0628

    Initial Disclosure

    In **early January 2026**, Google issued a Chrome update to fix **CVE-2026-0628** after researchers identified a privilege-escalation flaw in the browser’s **WebView tag**. The release covered **Windows, Mac, and Linux** builds and closed the path used by malicious extensions to reach privileged browser functionality.

  2. 02.03.2026 12:27 · 2 articles

    Google patches Gemini AI in Chrome flaw CVE-2026-0628

    Mitigation Patch Update

    Google fixed CVE-2026-0628 in Gemini AI in Chrome after Palo Alto Networks Unit 42 showed that a malicious extension with only basic permissions could hijack the privileged Gemini side panel to escalate privileges and access the victim's camera and microphone without consent, take screenshots, and read local files and directories. Researchers said the abuse path was demonstrated in October and that Google reproduced the exploit conditions before patching the flaw in early January 2026.