Skills
Unit 42: Chrome Gemini Live CVE-2026-0628 — Malicious Extensions Hijack Browser AI Assistant with Camera/Mic Access
Palo Alto Unit 42 discovered CVE-2026-0628, a high-severity vulnerability in Chrome's Gemini Live panel that allowed malicious browser extensions to hijack the privileged AI assistant and access the user's camera and microphone without interaction. This demonstrates a new attack surface: browser-integrated AI assistants become high-value targets because they run with elevated permissions. Extensions marketplace becomes a vector for AI assistant compromise. Patch status and mitigation details via Chrome security bulletin.
Source
↳ Follow the thread