
Chrome Gemini Vulnerability

A critical-severity security flaw has been identified in Google Chrome’s embedded Gemini AI assistant, exposing users to unauthorized camera and microphone access, theft of local files, and phishing, with no user action required beyond opening the browser’s integrated AI panel.

Tracked as CVE-2026-0628, the vulnerability was discovered by researchers at Palo Alto Networks’ Unit 42 and was responsibly reported to Google on October 23, 2025. Google acknowledged the problem and issued a fix on January 5, 2026, before any public announcement.

Gemini Live in Chrome is part of an expanding category of “AI browsers” that incorporate AI assistants straight into the browsing interface. These assistants, which encompass Microsoft Copilot in Edge as well as independent solutions like Atlas and Comet, function as privileged side panels that can provide real-time webpage summaries, automate tasks, and assist with contextual browsing.


Because these AI panels need a “multimodal” view of the user’s screen to operate properly, Chrome gives the Gemini panel elevated permissions, including access to the camera, microphone, local files, and screenshot functionality. While this privileged design allows for powerful capabilities, it also significantly increases the browser’s attack surface.

The flaw originated from the manner in which Chrome managed the declarativeNetRequest API, a standard browser extension permission that permits extensions to intercept and modify HTTPS web requests and responses. This API is commonly utilized for legitimate functions, such as ad-blocking.

Researchers discovered a significant difference in how Chrome handled requests to hxxps[:]//gemini.google[.]com/app. When that URL loads within a typical browser tab, extensions can intercept it and inject JavaScript into it, but this does not grant any special permissions.



By contrast, when the same URL loads within the Gemini browser panel, Chrome associates it with elevated, browser-level capabilities.

By exploiting this discrepancy, a malicious extension utilizing only basic permissions could insert arbitrary JavaScript code into the privileged Gemini panel, effectively commandeering a trusted browser component and inheriting all of its elevated rights.

Grants Access to Camera and Microphone

Once an attacker had seized control of the Gemini panel through this method, they could carry out the following actions with no user interaction beyond the victim clicking the Gemini button:

| Attack Capability | Impact |
|---|---|
| Camera and microphone activation | Covert surveillance without user approval |
| Screenshot capture | Extraction of sensitive data displayed on-screen |
| Local file and directory access | Theft of operating system-level files |
| Phishing via trusted panel | High-credibility deception attacks |

The phishing threat is especially dangerous because the Gemini panel is a trusted, integrated browser component. Malicious content presented within it carries an inherent legitimacy that standalone phishing websites lack.

Historically, extension-based attacks have been perceived as lower-risk because they require getting a malicious extension installed. However, the inclusion of privileged AI panels fundamentally alters this assessment.

The number of malicious extensions published to browser web stores has surged dramatically in recent years. While many are swiftly removed, they often reach thousands of users beforehand.

Moreover, legitimate extensions have been compromised or transferred to threat actors who pushed malicious updates to already-installed endpoints, converting trusted tools into covert weapons.

In corporate environments, a compromised extension that gains access to employees’ cameras, microphones, and local files poses a severe organizational security threat, with potential for corporate espionage and data exfiltration.

Google released a fix on January 5, 2026, following responsible disclosure. Users running the most current version of Chrome are protected. Organizations should ensure Chrome is updated across all endpoints immediately.
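For fleet triage alongside patching, the following added example (not from the article, Unit 42 or Google) inventories extension manifests that request the declarativeNetRequest permission and checks whether their host patterns cover the Gemini URL named above. It is a heuristic for prioritizing review and will also flag legitimate ad blockers; the sample manifests are constructed, and the function names and the "review"/"note"/"ok" levels are assumptions of this sketch.

```python
"""Triage extension manifests for declarativeNetRequest reach over the Gemini origin."""
import json
import re
from pathlib import Path
from urllib.parse import urlsplit

DNR = {"declarativeNetRequest", "declarativeNetRequestWithHostAccess"}
TARGET = "https://gemini.google.com/app"  # URL named in the article, re-fanged

def pattern_covers(pattern, url=TARGET):
    """True if a Chrome match pattern (e.g. https://*.google.com/*) covers url."""
    if pattern == "<all_urls>":
        return True
    m = re.fullmatch(r"(\*|https?)://([^/]+)(/.*)", pattern)
    if not m:
        return False  # bare API permission name or a scheme we do not audit
    scheme, host, path = m.groups()
    t = urlsplit(url)
    if scheme not in ("*", t.scheme):
        return False
    if host.startswith("*."):  # "*.google.com" covers google.com and subdomains
        host_ok = t.hostname == host[2:] or t.hostname.endswith(host[1:])
    else:
        host_ok = host in ("*", t.hostname)
    path_re = ".*".join(re.escape(part) for part in path.split("*"))
    return host_ok and re.fullmatch(path_re, t.path or "/") is not None

def audit_manifest(manifest):
    """Classify one manifest: 'review' (DNR + Gemini host reach), 'note' (DNR only), 'ok'."""
    keys = ("permissions", "optional_permissions",
            "host_permissions", "optional_host_permissions")
    entries = [e for k in keys for e in manifest.get(k, []) if isinstance(e, str)]
    dnr = sorted(set(entries) & DNR)
    hosts = [e for e in entries if pattern_covers(e)]
    level = "review" if dnr and hosts else "note" if dnr else "ok"
    return {"name": manifest.get("name", "?"), "level": level, "dnr": dnr, "hosts": hosts}

def scan_profile(extensions_dir):
    """Audit every <id>/<version>/manifest.json under a Chrome profile's Extensions dir."""
    return [audit_manifest(json.loads(p.read_text(encoding="utf-8-sig")))
            for p in sorted(Path(extensions_dir).glob("*/*/manifest.json"))]

# Constructed sample manifests (not real extensions).
SAMPLES = [
    {"name": "sample-blocker", "permissions": ["declarativeNetRequest"],
     "host_permissions": ["<all_urls>"]},
    {"name": "sample-notes", "permissions": ["storage", "declarativeNetRequest"],
     "host_permissions": ["https://example.com/*"]},
    {"name": "sample-theme", "permissions": ["storage"]},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_manifest(sample))
```

Point `scan_profile` at a profile's `Extensions` directory to run the same classification over installed extensions.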
