What happened
Google patched a high-severity vulnerability (tracked as CVE-2026-0628) in the Gemini AI side panel in the Chrome browser that could have allowed malicious browser extensions with minimal permissions to escalate privileges, access sensitive system resources, and violate user privacy.
Who is affected
Organizations and individuals using Chrome with the integrated Gemini Live AI feature were potentially at risk, particularly enterprises where browser extensions are common, as threat actors could have exploited the flaw to access a user’s camera and microphone without consent, take screenshots, and read local files.
Why CISOs should care
This issue underscores the expanding attack surface introduced by agentic/AI-enabled browsers; traditional extension permission boundaries can be insufficient to contain risks when AI panels are involved. A successful exploit could lead to data exposure, privacy violations, or unauthorized access to end-user systems, compounding risks for enterprise networks and remote workers.
3 practical actions
- Ensure patch deployment: Confirm that Chrome browsers across your environment are updated to the latest version that includes the Gemini panel fix.
- Review extension policies: Audit and restrict browser extension use, especially unvetted or unnecessary extensions, and enforce stricter permissions policies.
- Monitor anomalous activity: Use endpoint detection and response (EDR) and SIEM tools to flag unusual access to cameras, microphones, local files, or unexpected extension behavior.
