Find notable cyber news and cases, enriched with sources, timelines, and signals.

Google Gemini AI in Chrome security update (CVE-2026-0628)

Security Patch Release
First reported
Last updated
Happening score
H score 33
2 unique sources, 2 articles

Summary

Hide ▲

Google patched CVE-2026-0628 in Gemini AI in Chrome, closing a high-severity browser side-panel flaw that could let malicious extensions reach the camera, microphone, screenshots, and local files. The issue mattered because the vulnerable component sat inside a privileged Gemini panel that could act on browser and system resources. Researchers demonstrated the abuse path in October, and Google fixed it in early January 2026 after reproducing the exploit conditions.

Related Happenings

Google Chrome 149 security update

Security Patch Release
H score28 First: 12.06.2026 12:27 Last: 12.06.2026 12:27 Sources 1

About this happening: Google rolled out **Chrome 149** for **Windows, macOS, and Linux**, resolving **28 critical and high-severity vulnerabilities**. The update reduces risk from browser compromise, m...

Google security patch release for CVE-2026-11645

Security Patch Release
H score56 First: 09.06.2026 09:56 Last: 09.06.2026 09:56 Sources 1

About this happening: **Google** released **emergency Chrome updates** to fix **CVE-2026-11645**, a **zero-day** that had already been **exploited in the wild**. The patched release covers **Chrome Sta...

Google security patch release for CVE-2026-10881

Security Patch Release
H score26 First: 06.06.2026 10:28 Last: 06.06.2026 10:28 Sources 1

About this happening: Google shipped **Chrome 149** with patches for **429 security bugs**, including **CVE-2026-10881** in **ANGLE**, creating a broad browser update for users on **Linux, Windows, and...

ExploitBench benchmark shows frontier AI models can stage Chrome exploit chains against vulnerable V8 builds

Technical Analysis
H score16 First: 04.06.2026 16:00 Last: 04.06.2026 16:00 Sources 1

About this happening: Bugcrowd’s **ExploitBench** now shows frontier AI models can progress through staged **Google Chrome** exploit chains, raising the risk of faster **AI-assisted exploit development...

Google Gemini on Android notification-injection bypass using Fake Context Alignment

Technical Analysis
H score16 First: 03.06.2026 22:11 Last: 03.06.2026 22:11 Sources 1

About this happening: Researchers found a **notification-based prompt-injection bypass** in **Google Gemini on Android** that could turn hostile notification text into **unauthorized assistant actions*...

Timeline

  1. 02.03.2026 19:08 1 articles · 4mo ago

    Google security patch release for CVE-2026-0628

    Initial Disclosure

    In **early January 2026**, Google issued a Chrome update to fix **CVE-2026-0628** after researchers identified a privilege-escalation flaw in the browser’s **WebView tag**. The release covered **Windows, Mac, and Linux** builds and closed the path used by malicious extensions to reach privileged browser functionality.

    Show sources
  2. 02.03.2026 12:27 2 articles · 4mo ago

    Google patches Gemini AI in Chrome flaw CVE-2026-0628

    Mitigation Patch Update

    Google fixed CVE-2026-0628 in Gemini AI in Chrome after Palo Alto Networks Unit 42 showed that a malicious extension with only basic permissions could hijack the privileged Gemini side panel to escalate privileges and access the victim's camera and microphone without consent, take screenshots, and read local files and directories. Researchers said the abuse path was demonstrated in October and that Google reproduced the exploit conditions before patching the flaw in early January 2026.

    Show sources