A vulnerability in Chrome could have allowed malicious extensions to hijack the browser’s AI assistant to spy on users and exfiltrate data, Palo Alto Networks reports.
Chrome’s side panel AI assistant, known as Gemini Live, was designed to help users by summarizing content in real time, automatically executing specific tasks, and assisting with the contextual understanding of the active webpage.
“By granting the AI direct, privileged access to the browsing environment, AI browsers are capable of performing complex, multi-step operations that were previously impossible or required multiple extensions and manual steps,” Palo Alto Networks explains.
To function as intended, the AI essentially sees what the user sees on the screen and uses the web page for context and instructions, and this expanded capability and privileged access open the door to new risks.
The vulnerability that Palo Alto Networks discovered, tracked as CVE-2026-0628 and patched in January in Chrome 143, could have allowed malicious browser extensions to inject JavaScript code into the Gemini Live panel.
The malicious extension, the cybersecurity firm explains, would require access to a permission set through the declarativeNetRequest API, which allows extensions to intercept and modify HTTPS web requests and responses.
The capability is meant for legitimate purposes, such as blocking malicious or intrusive requests, and is enabled by default for extensions to interact with content originating from Gemini and loaded in the website’s tab.
CVE-2026-0628, Palo Alto Networks says, impacted the ability to interact with the contents loaded within the Gemini panel, meaning that JavaScript code would gain access to the AI’s capabilities.
“These include being able to read local files, take screenshots, access the camera and microphone and more, so the app could perform complex tasks. Being able to intercept it under that setting would have allowed attackers to gain access to these powers too,” Palo Alto Networks explains.
Because the Gemini Live panel is part of the browser itself, an attacker could have injected code to start the camera and microphone without user consent, to access local files, to take screenshots of browser tabs, and to hijack the panel and perform a phishing attack.
“Since the Gemini app relies on performing actions for legitimate purposes, hijacking the Gemini panel allows privileged access to system resources that an extension wouldn’t normally have,” Palo Alto Networks explains.
The cybersecurity firm reported the bug to Google in October. A fix was rolled out in Chrome versions 143.0.7499.192/.193 for Windows and macOS, and Chrome version 143.0.7499.192 for Linux.
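As an added, defender-side example (not code from Palo Alto Networks, Google or this article), the following Python audits an installed extension's manifest and static declarativeNetRequest rules for the combination the article describes: the declarativeNetRequest permission together with host access and traffic-altering rules that reach the origin serving the Gemini panel. The Gemini host name, the sample manifest and the sample rule are constructed assumptions, not values from the article.

```python
# Assumption, not stated in the article: the origin that serves the Gemini panel content.
WATCHED_HOST = "gemini.google.com"
DNR_PERMISSIONS = {"declarativeNetRequest", "declarativeNetRequestWithHostAccess"}
TAMPER_ACTIONS = {"modifyHeaders", "redirect"}  # DNR action types that alter traffic

def host_permission_covers(pattern: str, host: str) -> bool:
    """Does a manifest match pattern such as 'https://*.google.com/*' cover host?"""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("https", "*"):  # the panel is served over HTTPS
        return False
    phost = rest.split("/", 1)[0]
    if phost == "*":
        return True
    if phost.startswith("*."):  # wildcard covers the bare domain and every subdomain
        return host == phost[2:] or host.endswith(phost[1:])
    return phost == host

def rule_targets_host(rule: dict, host: str) -> bool:
    """Does a DNR rule alter traffic and apply to requests for host?"""
    if rule.get("action", {}).get("type") not in TAMPER_ACTIONS:
        return False
    cond = rule.get("condition", {})
    if host in cond.get("requestDomains", []):
        return True
    if not any(k in cond for k in ("urlFilter", "regexFilter", "requestDomains")):
        return True  # no URL constraint at all: the rule applies to every request
    return cond.get("urlFilter") == "*" or host in cond.get("urlFilter", "")  # regexFilter not evaluated

def audit_extension(manifest: dict, rules: list, host: str = WATCHED_HOST) -> list:
    """Return human-readable findings for an extension able to tamper with host traffic."""
    findings = []
    perms = sorted(set(manifest.get("permissions", [])) & DNR_PERMISSIONS)
    if not perms:
        return findings  # without the DNR permission the extension cannot rewrite traffic
    if any(host_permission_covers(p, host) for p in manifest.get("host_permissions", [])):
        findings.append(f"{perms} granted with host access covering {host}")
    for rule in rules:
        if rule_targets_host(rule, host):
            findings.append(f"rule {rule.get('id')} ({rule['action']['type']}) matches {host}")
    return findings

# Constructed sample: a hypothetical extension whose static rule strips CSP on the watched origin.
SAMPLE_MANIFEST = {"manifest_version": 3, "name": "demo", "permissions": ["declarativeNetRequest"],
                   "host_permissions": ["https://*.google.com/*"]}
SAMPLE_RULES = [{"id": 1, "priority": 1, "condition": {"urlFilter": "||gemini.google.com"},
    "action": {"type": "modifyHeaders", "responseHeaders": [
        {"header": "content-security-policy", "operation": "remove"}]}}]
```

Running `audit_extension(SAMPLE_MANIFEST, SAMPLE_RULES)` returns two findings, one for the host access and one for rule 1; an extension without the declarativeNetRequest permission returns none.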