A newly identified vulnerability in Google Chrome has raised security concerns after researchers discovered that malicious browser extensions could gain access to sensitive user information through the browser’s AI-powered Gemini Live side panel. The flaw, tracked as CVE-2026-0628, affects Chrome versions earlier than 143.0.7499.192 and has been categorized as a high-severity security issue. If exploited, the vulnerability could allow attackers to misuse browser permissions to access user devices and extract private information. Security experts warn that compromised systems could expose access to cameras, microphones, screenshots, local files, and other sensitive data stored on the device.
The issue is connected to Chrome’s built-in artificial intelligence capability known as Gemini, specifically its Gemini Live side panel feature. According to security analysis, the vulnerability exists due to insufficient security restrictions within the panel environment. Because the Gemini Live panel operates with elevated browser privileges, attackers may exploit these permissions if they manage to inject malicious code through a compromised browser extension. Once the code is executed within the panel, it could interact with sensitive browser functions that are normally protected under strict security boundaries. The exploitation scenario requires a user to install a malicious extension that has been designed to inject harmful instructions into the AI interface.
Security analysts note that while the vulnerability does not allow remote exploitation without user interaction, the risk becomes significant when users unknowingly install untrusted browser extensions. Many extensions request broad permissions to access browser features and user data, which could be abused if the extension is designed with malicious intent. Once installed, such extensions could interact with the Gemini Live interface to bypass certain safeguards and gain visibility into system-level information. This type of exploitation could enable attackers to capture screenshots, activate device microphones or cameras, or retrieve sensitive files stored locally on the device. In environments where Chrome is widely used for work-related activities, the exposure of confidential data may lead to significant security risks.
The vulnerability highlights ongoing challenges associated with browser extensions and modern AI-integrated browser features. As browsers incorporate advanced capabilities that interact with local device resources, the potential attack surface may expand if security restrictions are not tightly enforced. Extensions remain a common distribution channel for malicious code because they can easily appear legitimate while silently requesting permissions that grant access to sensitive areas of the browser environment. Attackers often disguise harmful extensions as productivity tools or utilities, increasing the likelihood that users will install them without carefully reviewing permission requests or verifying the publisher.
To address the issue, users are strongly advised to update Google Chrome to the latest available version that includes security fixes for the vulnerability. Systems running Chrome versions earlier than 143.0.7499.192 remain exposed until the update is applied. Users can check for updates by opening Chrome settings, selecting the help menu, and navigating to the About Google Chrome section where the browser will automatically search for and install the latest version. Applying the update ensures that the security flaw within the Gemini Live panel environment is patched and prevents malicious extensions from exploiting the vulnerability.
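For administrators who want to check many machines rather than click through the About page, the following script is an added example (not part of the article) that compares a Chrome version string against the fixed version 143.0.7499.192 named above. The comparison is numeric per component, so a build such as 143.0.7499.9 is correctly treated as older than 143.0.7499.192. The binary names it searches for on PATH are assumptions about common Linux installs; on Windows and macOS the browser is not normally on PATH, and the version can instead be read from the enterprise reporting tools or the About page.

```python
"""Check whether a Chrome version string predates the fix for CVE-2026-0628.

Added example, not code from the article. FIXED_VERSION comes from the
article; the candidate binary names are assumptions for Linux installs.
"""
import re
import shutil
import subprocess

FIXED_VERSION = "143.0.7499.192"  # first fixed version, per the article
_VERSION_RE = re.compile(r"(\d+(?:\.\d+){3})")


def parse_version(text):
    """Extract a four-part Chrome version from text such as
    'Google Chrome 143.0.7499.191' and return it as a tuple of ints.
    Raises ValueError when no version is present."""
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no Chrome version found in {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_vulnerable(version_text, fixed=FIXED_VERSION):
    """True when the given version is strictly older than the fixed one.
    Tuples compare component by component, so the check is numeric,
    not lexical: (143, 0, 7499, 9) < (143, 0, 7499, 192)."""
    return parse_version(version_text) < parse_version(fixed)


def installed_chrome_version():
    """Best-effort lookup of the local Chrome binary's version line.
    Returns None when no candidate binary is found on PATH."""
    candidates = ["google-chrome", "google-chrome-stable",
                  "chromium", "chromium-browser"]  # assumed names
    for name in candidates:
        path = shutil.which(name)
        if path:
            out = subprocess.run([path, "--version"], capture_output=True,
                                 text=True, timeout=10)
            return out.stdout.strip()
    return None


if __name__ == "__main__":
    version = installed_chrome_version()
    if version is None:
        print("Chrome binary not found on PATH")
    else:
        status = "VULNERABLE, update required" if is_vulnerable(version) else "patched"
        print(f"{version}: {status}")
```

`is_vulnerable` accepts the raw `--version` output line as well as a bare version string, so the same function can be fed inventory data exported from an endpoint management tool.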
Security specialists also recommend several precautionary measures to reduce exposure to extension-based threats. Users should review installed extensions and remove any that are unnecessary or unfamiliar. Installing extensions only from trusted publishers and official sources can reduce the likelihood of downloading compromised software. Additionally, users are advised to avoid installing browser extensions through suspicious links or unofficial distribution channels, which are frequently used to spread malicious software disguised as legitimate tools.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.