Overview
- Tracked as CVE-2026-0628 with a CVSS score of 8.8, the bug stemmed from insufficient policy enforcement in Chrome’s WebView tag.
- Unit 42 found that extensions using the declarativeNetRequest API could inject JavaScript into the privileged Gemini Live panel rather than only the standard gemini.google.com tab.
- A successful hijack could trigger the camera and microphone without consent, capture screenshots of HTTPS tabs, read local files, and stage phishing via the panel.
- Palo Alto Networks researcher Gal Weizman reported the issue to Google in late 2025, and Google patched it in January 2026 in Chrome 143.0.7499.192/.193 for Windows and macOS and 143.0.7499.192 for Linux.
- Researchers say the case highlights systemic risks from embedding agentic AI features in browsers, urging users to update Chrome and scrutinize extension permissions.