This post is also available in:
עברית (Hebrew)
As web browsers evolve into AI-powered workspaces, they are gaining deeper access to system resources. Integrated assistants can summarize content, automate tasks and interact directly with local files, cameras and microphones. While these features are designed for productivity, they also expand the attack surface if not properly secured.
A recently disclosed high-severity vulnerability in Google Chrome highlights that risk. The flaw, tracked as CVE-2026-0628, affected the browser’s Gemini AI panel — a built-in assistant that operates from a sidebar within Chrome. Although Google issued a patch in January, further technical details now show how the issue could have been exploited.
According to Cyber News, a malicious browser extension with relatively basic permissions could inject JavaScript into the chat’s Live panel. Once inside that environment, an attacker would effectively inherit the chat’s elevated access privileges. Unlike standard extensions, the AI assistant can interact with local files, capture screenshots, and access the device’s camera and microphone to enable advanced features.
If hijacked, those capabilities could have been repurposed for surveillance. Researchers demonstrated that attackers might have been able to access cameras and microphones without consent, capture screenshots of secure HTTPS websites, browse local directories, and display phishing content directly inside the trusted interface. In testing, these actions required minimal user interaction beyond launching the chat’s panel from the browser toolbar.
The phishing risk is particularly notable. Because the panel is a native browser component, content displayed within it is more likely to be trusted. A malicious prompt rendered inside that interface would appear legitimate, increasing the likelihood of user interaction.
Google addressed the issue earlier this year, and Chrome typically installs updates automatically once the browser is closed and reopened. However, users who keep sessions running for extended periods may delay the update process.
For enterprise, government and defense environments, the incident underscores a broader challenge: AI features embedded directly into core software can introduce privileged pathways if compromised. As AI assistants become standard components of productivity tools, maintaining strict patch discipline and monitoring extension permissions becomes critical.
Users can verify their Chrome version through the browser’s settings under “About Chrome” and relaunch if an update is pending.
