Chrome Gemini Vulnerability

An extremely critical flaw was identified within Google Chrome's embedded Gemini AI module, allowing for unauthorised surveillance of cameras and microphones as well as stealing files locally and executing phishing attempts entirely through opening the included AI interface inside the browser.

The vulnerability known as CVE-2026-0628 was identified by researchers working for Palo Alto Networks' Unit 42 team who reported it publicly to Google on November 17th of this year. Google acknowledged the problem and made available an update on December 31, 2025, ahead of its release for general viewing by users.

Gemini's presence within Google Chrome falls under an emerging category known as "AI browsers" where intelligent agents integrate seamlessly into web navigation experiences. The mentioned tools, including Microsoft Copilot within Edge browser and separate applications such as Atlas and Comet, function as exclusive auxiliary windows designed for instantaneous web page summaries, automated tasks execution, and enhanced context-aware navigation support.

Due to their requirement for an "all-encompassing" perspective on the user's display in order to operate efficiently, Google Chrome has given the Gemini interface enhanced privileges, encompassing features such as video capture, audio input, file reading/writing abilities locally, and snapshot functionalities. Despite its capacity for advanced functionalities, this sophisticated design significantly enhances the potential vulnerabilities of the web application's environment.

A problem lay within how Google's Chrome managed the Declarative Net Request API—a common feature for enabling browser extension permissions allowing these tools to block or alter HTTP/HTTPS traffic between users' browsers and websites. Many applications rely on this API primarily for its functionality in blocking ads.

Investigators discovered an important difference between how Google's Chrome handles HTTP traffic directed at https://gemini/. Google [. ]. The website can be accessed through this link: com/app. As soon as you load that particular URL within any standard web browser window, third-party tools called extensions have access to modify its content by injecting custom scripts; however, they do not gain elevated permissions for their actions.

google

Nevertheless, whenever the exact URL is loaded within the Gemini browser window, Google Chrome integrates it using enhanced, browser-wide functionalities.

Taking advantage of this discrepancy, an unethical plugin employing minimal privileges can insert unauthorized script directly within the secure Gemini interface, thereby subverting a dependable web application feature and acquiring complete control over it.

Enables Access to Camera and Microphone

With access to the Gemini interface through this method, attackers were able to execute these operations on behalf of users by merely having them click the Gemini icon:

Attack Capability Impact

Activation of cameras and microphones occurs secretly while avoiding any need for explicit permission from individuals involved.

Screenshot capture Exfiltration of sensitive on-screen data

Accessing local files and directories is equivalent to committing theft at an operating system level.

Phishing via trusted panel High-credibility deception attacks

Phishing threats present an especially grave danger due to the Gemini panel's status as a dependable, integrated feature within browsers. The presence of malicious elements in such sites grants them credibility not found on individual phishing websites.

Extensions exploited through historical methods were often deemed less risky because of the necessary conditions required for installing them. Nevertheless, incorporating elite artificial intelligence modules alters the equation significantly.

A substantial increase in malware-infected software packages being uploaded to online app repositories is evident over time. A significant number is swiftly eliminated, yet it happens prior to affecting tens of thousands of individuals.

Moreover, genuine extensions were exploited by attackers for their ability to distribute harmful software onto pre-existing systems, thereby undermining users' trust in these applications.