This critical Chrome browser vulnerability lets malicious extensions spy on your PC

A recent vulnerability in Google Chrome's Gemini integration may compromise user privacy, potentially enabling unauthorized data access or surveillance.

Follow ZDNET: Add us as a preferred source on Google.

ZDNET's key takeaways

• Researchers found a high-severity bug in Chrome's Gemini feature.
• It grants extensions the ability to spy on you or steal your data.
• Update now. 

A new vulnerability impacting Google Chrome's Gemini agentic AI feature has been disclosed -- patch now to stay protected.

Also: AI agents are fast, loose, and out of control, MIT study finds

Disclosed by senior principal security researcher Gal Weizman from Palo Alto Networks' Unit 42 team, the browser vulnerability affects Google Chrome's Gemini AI feature, an artificial intelligence (AI) agentic browser assistant.

The vulnerability, explained

Tracked as CVE-2026-0628 and deemed high severity, the vulnerability is described as an "insufficient policy enforcement in WebView tag in Google Chrome" issue ...