Dubai, March 10: Cybersecurity researchers at Palo Alto Networks’ threat intelligence unit Unit 42 have discovered a high-severity vulnerability in Google Chrome that could have allowed malicious browser extensions to hijack the new Gemini side panel and access sensitive user data.
The flaw, tracked as CVE-2026-0628, was found in Google’s implementation of the Gemini feature integrated into Chrome. According to researchers, the vulnerability allowed attackers to tap into the browser environment and potentially access files on a user’s local operating system.
The research team said the flaw could have enabled malicious extensions with basic permissions to take control of the new Gemini Live panel within Chrome.
Such an attack could have resulted in privilege escalation, enabling actions including accessing the victim’s camera and microphone without consent, taking screenshots of websites, and retrieving local files and directories.
Unit 42 said it responsibly disclosed the vulnerability to Google, which issued a fix in early January before the details were publicly released.
Rise of AI-powered browsers
The discovery highlights emerging security risks as browsers increasingly integrate AI assistants.
The terms “agentic browser” or “AI browser” refer to a new class of web browsers that integrate AI assistants. Examples include Atlas, Comet, Copilot in Edge, and Gemini in Chrome.
At the heart of these platforms is an AI side-panel assistant capable of summarising webpages in real time, automating tasks and helping users interpret online content.
By granting AI tools deeper access to the browser environment, these systems can perform complex multi-step actions that previously required multiple extensions or manual steps.
To carry out such tasks, these assistants require what researchers describe as a “multimodal” perspective, meaning they can see and interpret what the user sees on the screen. They also rely on webpage content for instructions and contextual cues to navigate and interact with site interfaces.
However, this expanded capability also introduces new security risks that traditional browsers did not face.
New attack surface
According to the researchers, integrating AI assistants into browsers creates a two-fold security challenge.
First, attackers may attempt to manipulate the AI assistant itself. A malicious webpage could issue instructions to the AI through sophisticated prompt-injection techniques, potentially leading it to perform actions that a normal browser security model would block.
These could include data exfiltration, bypassing the same-origin policy (SOP), or triggering privileged browser functions.
In such cases, the AI effectively becomes an intermediary with unusually broad access to the browser’s internal environment.
Second, introducing a complex AI component inside the browser’s high-privilege context can revive traditional security risks.
Researchers warn that such integrations may inadvertently create new logical flaws or implementation weaknesses, including vulnerabilities related to cross-site scripting (XSS), privilege escalation and side-channel attacks that could be exploited by malicious websites or browser extensions.
The findings underscore growing concerns among cybersecurity experts that AI-enabled browsers, while boosting productivity, could also significantly expand the digital attack surface if not carefully secured.