TechTarget and Informa Tech’s Digital Business Combine. Dark Reading Resource Library Black Hat News Omdia Cybersecurity Advertise NEWSLETTER SIGN-UP Cybersecurity Topics World The Edge DR Technology Events Resources ENDPOINT SECURITY REMOTE WORKFORCE VULNERABILITIES & THREATS THREAT INTELLIGENCE NEWS Bug in Google's Gemini AI Panel Opens Door to Hijacking Attackers could have exploited the vulnerability to escalate privileges, violate user privacy while browsing, and access sensitive resources. Elizabeth Montalbano,Contributing Writer March 2, 2026 4 Min Read SOURCE: QUBIX STUDIO VIA SHUTTERSTOCK Google has fixed a high-severity flaw in its implemention of Gemini AI in the Chrome browser that could have allowed attackers to escalate privileges, violate user privacy while browsing, and access sensitive system resources. Researchers said that the vulnerability demonstrates new security hazards that come with the deployment and use of agentic browsers that have AI built in. Specifically, the flaw tracked as CVE-2026-0628 could have allowed malicious browser extensions with only basic permissions to escalate privileges to access the victim's camera and microphone without consent; take screenshots of any website; and access local files and directories, according to a report published today by researchers from Palo Alto Networks' Unit 42 who discovered the flaw. "The vulnerability put any user of the new Gemini feature in Chrome at risk of system compromise if they had installed a malicious extension," Gal Weizman, senior principal researcher, Palo Alto Networks, tells Dark Reading. "Beyond individual users, the risk profile was significantly amplified within business and organizational environments." Related:Scam Abuses Gemini Chatbots to Convince People to Buy Fake Crypto In Chrome, the Gemini Live feature operates within a privileged browser side panel, granting it elevated capabilities to perform actions such as accessing on-screen content and interacting with local system resources to complete complex tasks. Indeed, many browsers now have agentic AI capabilities integrated into the browsing experience, allowing for quick dissemination of data, and executing complex, multi-step operations that were previously impossible or required extensions and manual steps by the operator. However, with this expanded capability and privileged access comes "a new and widened attack surface" that introduces new risks to both home and corporate users, Weizman wrote in the report. "This creates security implications that are not present in traditional browsers," he explained. The Gemini AI Security Flaw & Its Fix Researchers uncovered the flaw in an extension to the Gemini side panel with access to a basic permission set through the "declarativeNetRequests" API, which failed to maintain a property security boundary. This "allowed permissions that could have enabled an attacker to inject JavaScript code into the new Gemini panel," Weizman wrote in the report. This API function can be used for legitimate purposes, such as how AdBlock stops requests that could lead to privacy-undermining ads. In fact, it is allowed by design for some extension behavior, and would not be problematic if loaded into a typical browser tab, Weizman says. Related:ClickFix Attacks Abuses DNS Lookup Command to Deliver ModeloRAT However, in this case it was the specific integration of Gemini AI with the browser that made the function potentially malicious, he said. The flaw allowed the same code injection to occur when the app was loaded within the new, trusted, and highly-privileged Gemini side panel component, when "Chrome hooks it with access to powerful capabilities," Weizman wrote. "These include being able to read local files, take screenshots, access the camera and microphone and more, so the app could perform complex tasks. Being able to intercept it under that setting would have allowed attackers to gain access to these powers, too." Palo Alto researchers demonstrated how an ordinary extension could hijack the Gemini panel and perform the aforementioned malicious activities in October; Google responded, was able to reproduce the exploit conditions, and subsequently patched the flaw in early January, according to the report. Agentic AI Browsers Add Security Risk The risk of vulnerabilities like this one exposing browsers to malicious activity increases as AI becomes more integrated into their design, Palo Alto researchers noted. That's due to the proactive nature of AI technology, which creates a new risk model because it is not just displaying content, as a typical browser does, but acting upon it as well. Related:Ivanti EPMM Zero-Day Bugs Spark Exploit Frenzy — Again "These agents can inherit a user’s authenticated browser session and perform privileged actions inside enterprise applications, including modifying data or triggering workflows," Anupam Upadhyaya, senior vice president of product management for Palo Alto Networks' Prisma SASE, tells Dark Reading. This, in turn, means that developers of agentic browsers need to rethink and bolster security, creating browsers with native security that is "continuous and policy-enforced — not bolted on after deployment," Upahyaya says. "Designers should build in real-time inspection of prompts, AI responses and rendered content directly inside the browser, where users, data, and AI interact," he says. Defenders in general also need to understand that this new attack surface is one that "traditional network and endpoint controls were never designed to monitor," and adjust their own strategies accordingly beyond these controls, Upahyaya says. A good place to start would be by treating the browser as both "a primary attack surface and a potential control plane," he says. "That means gaining visibility into which AI browsers and extensions are in use; in-browser visibility into user navigation, uploads, copy/paste activity and extension behavior; and enforcing policy controls in real time before data leaves the browser," Upahyaya says. About the Author Elizabeth Montalbano Contributing Writer Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking. More Insights Industry Reports ThreatLabz 2025 Ransomware Report The Total Economic Impact™ Of Zscaler Private Access (ZPA) Zscaler ThreatLabz 2025 VPN Risk Report GigaOm Radar for CNAPP The Total Economic Impact™ of Google SecOps Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models More Webinars You May Also Like ENDPOINT SECURITY GitHub-Hosted Malware Infects 1M Windows Users by Elizabeth Montalbano, Contributing Writer MAR 10, 2025 ENDPOINT SECURITY DPRK Actors Deploy VS Code Tunnels for Remote Hacking by Elizabeth Montalbano, Contributing Writer JAN 22, 2026 ENDPOINT SECURITY Chrome Store Features Extension Poisoned With Sophisticated Spyware by Elizabeth Montalbano, Contributing Writer JUL 07, 2025 CYBERATTACKS & DATA BREACHES DeepSeek Breach Opens Floodgates to Dark Web by Emma Zaballos APR 22, 2025 Editor's Choice VULNERABILITIES & THREATS Cisco SD-WAN Zero-Day Under Exploitation for 3 Years byRob Wright FEB 26, 2026 4 MIN READ ICS/OT SECURITY 'Richter Scale' Model Measures Magnitude of OT Cyber Incidents byKelly Jackson Higgins FEB 25, 2026 6 MIN READ THREAT INTELLIGENCE Enigma Cipher Device Still Holds Secrets for Cyber Pros byBecky Bracken FEB 23, 2026 3 MIN READ 2026 Security Trends & Outlooks THREAT INTELLIGENCE Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats JAN 2, 2026 CYBER RISK Navigating Privacy and Cybersecurity Laws in 2026 Will Prove Difficult JAN 12, 2026 ENDPOINT SECURITY CISOs Face a Tighter Insurance Market in 2026 JAN 5, 2026 THREAT INTELLIGENCE 2026: The Year Agentic AI Becomes the Attack-Surface Poster Child JAN 30, 2026 Download the Collection Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. SUBSCRIBE Webinars Building a Robust SOC in a Post-AI World THURS, MARCH 19, 2026 AT 1PM EST Retail Security: Protecting Customer Data and Payment Systems THURS, APRIL 2, 2026 AT 1PM EST Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need WED, APRIL 1, 2026 AT 1PM EST Securing Remote and Hybrid Work Forecast: Beyond the VPN TUES, MARCH 10, 2026 AT 1PM EST AI-Powered Threat Detection: Beyond Traditional Security Models WED, MARCH 25, 2026 AT 1PM EST More Webinars White Papers Industry Report: AI, SOC, and Modernizing Cybersecurity 5 Steps to Stop Ransomware With Zero Trust The Threat Prevention Buyer's Guide: Find the best AI-driven threat protection solution to stop file-based attacks. Assessing Security Architectures: Zero Trust vs. Network-Centric Models 10 Ways a Zero Trust Architecture Protects Against Ransomware Explore More White Papers GISEC GLOBAL 2026 GISEC GLOBAL is the most influential and the largest cybersecurity gathering in the Middle East & Africa, uniting global CISOs, government leaders, technology buyers, and ethical hackers for three power-packed days of innovation, strategy, and live cyber drills. 📌 BOOK YOUR SPACE Discover More Black Hat Omdia Working With Us About Us Advertise Reprints Join Us NEWSLETTER SIGN-UP Follow Us Copyright © 2026 TechTarge