Chrome Vulnerability Enables Extensions to Hijack Gemini Camera, Mic, and File Access
In a stark reminder of the risks posed by AI-integrated browsers, security researchers have disclosed a high-severity vulnerability in Google’s Chrome browser that allowed low-privilege extensions to seize control of the Gemini “Live in Chrome” side panel.
Tracked as CVE-2026-0628, the flaw enabled attackers to inject malicious code into this privileged AI assistant, granting unauthorized access to users’ cameras, microphones, local files, and even screenshots of sensitive web content.
Chrome’s Gemini “Live in Chrome” panel embeds an agentic AI interface directly into the browser sidebar, designed for seamless automation.
This panel can analyze on-screen content, read local files, capture screenshots, and activate device peripherals like cameras and microphones, all without repeated user prompts, under the guise of trusted browser functionality.
At the heart of the vulnerability was Chrome’s declarativeNetRequest API, which lets extensions modify network requests for efficiency. Researchers found that a malicious extension with minimal permissions could intercept and tamper with traffic to gemini.google.com/app, specifically when that page was loaded in the side panel, bypassing the isolation that normally applies.
This injection enabled the extension to execute arbitrary JavaScript in a high-privilege context, effectively turning Gemini into a puppet for the attacker.
The implications were severe. A basic extension could silently enumerate directory structures, exfiltrate files, snap screenshots of any HTTPS page (including banking or email sessions), and stream video/audio from the camera and mic, no consent dialogs required.
Worse, the hijacked panel could masquerade as the legitimate Gemini UI to enable phishing, tricking users into divulging credentials or approving actions they believed were AI-driven.
“Normally, extensions are sandboxed from core browser components and each other.” “But this flaw shattered those boundaries, letting a low-privilege actor inherit Gemini’s god-like powers.” The trusted nature of the side panel amplified the threat; users expect Chrome’s built-in tools to be secure, not extension-controlled.
This isn’t an isolated incident. Agentic browsers, such as Chrome’s Gemini, Edge’s Copilot, and emerging tools like Atlas and Comet, are evolving beyond traditional tab isolation.
These AI sidekicks maintain persistent context across pages, execute multi-step tasks (e.g., summarizing docs, auto-filling forms, or querying local data), and demand broad permissions.
This shift invites novel attacks: prompt injection to manipulate AI outputs, extension abuse for privilege escalation, and “trusted-UI phishing” where the browser itself becomes the vector.
Google acted swiftly after responsible disclosure, deploying patches in the January 2026 stable channel update. Users on current Chrome versions (post-January baseline) are protected, but outdated installs remain exposed, especially those enabling “Live in Chrome”, said Malwarebytes.
How to Stay Safe
- Update Chrome immediately via chrome://settings/help or your OS updater.
- Minimize extensions: Install only from verified developers, prioritizing open-source or audited ones. Revoke permissions for unused add-ons.
- Watch for red flags: Unexpected camera lights, phantom screenshots in task manager, or Gemini accessing odd file paths.
- Enable enhanced protections, such as Chrome’s Enhanced Safe Browsing, and consider enterprise policies to allowlist extensions.
- For high-risk users, turn off side-panel AI features until auditing improves.
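A defender-side audit, added here as an example that is not from the article or from Malwarebytes: it walks extension manifests (constructed samples below, with made-up ids and names) and flags any that hold a declarativeNetRequest permission whose host permissions reach gemini.google.com, the combination the article describes. The `load_manifests` path helper is an assumption about where a practitioner would point it.

```python
import json
from pathlib import Path

# Constructed sample manifests standing in for the manifest.json files found
# under a Chrome profile's Extensions directory. None of these are real extensions.
SAMPLE_MANIFESTS = {
    "ext-aaaa": {"manifest_version": 3, "name": "Tab tidy",
                 "permissions": ["tabs", "storage"],
                 "host_permissions": ["https://example.com/*"]},
    "ext-bbbb": {"manifest_version": 3, "name": "Request rewriter",
                 "permissions": ["declarativeNetRequest", "storage"],
                 "host_permissions": ["<all_urls>"]},
    "ext-cccc": {"manifest_version": 3, "name": "Ad trimmer",
                 "permissions": ["declarativeNetRequestWithHostAccess"],
                 "host_permissions": ["https://*.google.com/*"]},
}

DNR_PERMISSIONS = {"declarativeNetRequest", "declarativeNetRequestWithHostAccess"}
SENSITIVE_HOST = "gemini.google.com"

def host_pattern_covers(pattern, host):
    """True if a Chrome match pattern (scheme://host/path or <all_urls>) can cover `host`."""
    if pattern == "<all_urls>":
        return True
    hostpart = pattern.split("://", 1)[-1].split("/", 1)[0]
    if hostpart == "*":
        return True
    if hostpart.startswith("*."):          # e.g. *.google.com also matches google.com
        return host.endswith(hostpart[1:]) or host == hostpart[2:]
    return hostpart == host

def audit(manifests, host=SENSITIVE_HOST):
    """Return (id, name, severity) for extensions able to rewrite requests via DNR.
    Redirects and header rewrites need host access, so host coverage raises severity;
    plain declarativeNetRequest can still block or upgrade requests without it."""
    findings = []
    for ext_id, m in manifests.items():
        if not set(m.get("permissions", [])) & DNR_PERMISSIONS:
            continue
        covers = any(host_pattern_covers(p, host) for p in m.get("host_permissions", []))
        findings.append((ext_id, m.get("name", "?"), "high" if covers else "review"))
    return findings

def load_manifests(root):
    """Assumed layout: <root>/<extension id>/<version>/manifest.json, as Chrome stores them."""
    return {p.parent.parent.name: json.loads(p.read_text(encoding="utf-8"))
            for p in Path(root).rglob("manifest.json")}

if __name__ == "__main__":
    for ext_id, name, severity in audit(SAMPLE_MANIFESTS):
        print(f"{severity:6} {ext_id} {name}")
```

Point `load_manifests` at a real profile's Extensions directory and pass the result to `audit` to review installs the same way; anything flagged "high" should be justified or removed.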
Site: cybersecuritypath.com