Palo Alto Networks Unit 42 Says That A Chrome CVE Can Allow Hijacking Of The In-Browser AI Assistant
The new wave of agentic browsers promises to transform the way we use our computers and experience the internet, with AI-driven tools that interact with websites, fill out forms and manage workflows on our behalf. But with these experiential benefits come profound new cybersecurity challenges.
Unit 42 researchers at Palo Alto Networks released new research on a high-severity vulnerability (CVE-2026-0628) they discovered in Google’s new Gemini Live in Chrome feature that could allow malicious extensions with basic permissions to ‘hijack’ the new in-browser AI assistant, granting attackers access to webcams, microphones, and private files.
Palo Alto Networks researchers shared the issue with Google in October via coordinated vulnerability disclosure, and Google issued a fix in early January. But this discovery underscores a growing security paradox: as tech giants rush to turn browsers into powerful AI agents, they are inadvertently opening new backdoors to sensitive personal data.
The research is live here: http://unit42.paloaltonetworks.com/gemini-live-in-chrome-hijacking
This entry was posted on March 2, 2026 at 12:38 pm and is filed under Commentary with tags Palo Alto.