This high-severity Chrome Gemini vulnerability lets malicious extensions spy on your PC
zdnet.com
ZDNET's key takeaways
- Researchers found a high-severity bug in Chrome's Gemini feature.
- It grants extensions the ability to spy on you or steal your data.
- Update now.
A new vulnerability impacting Google Chrome's Gemini agentic AI feature has been disclosed -- patch now to stay protected.
Disclosed by Gal Weizman, senior principal security researcher on Palo Alto Networks' Unit 42 team, the vulnerability affects Google Chrome's Gemini feature, an agentic artificial intelligence (AI) browser assistant.
The vulnerability, explained
Tracked as CVE-2026-0628 and deemed high severity, the vulnerability is described as an "insufficient policy enforcement in WebView tag in Google Chrome" issue that, prior to version 143.0.7499.192 of the browser, "allowed an attacker who convinced a user to install ...
Copyright of this story solely belongs to zdnet.com.

