Chrome AI Flaw: Extensions Can Spy, Steal Data
2 Mar
Summary
- Vulnerability allows malicious extensions to inject scripts via Gemini AI.
- Attackers can access webcams, microphones, and local files.
- Google Chrome version 143.0.7499.192 fixes the security flaw.

Google has fixed a significant security vulnerability in Google Chrome's Gemini AI agentic feature. The issue, disclosed by Palo Alto Networks and tracked as CVE-2026-0628, allowed malicious browser extensions to inject scripts into privileged pages.
This flaw could grant cybercriminals unauthorized access to sensitive resources. A hijacked Gemini AI could permit data theft, webcam and microphone access, screenshot capture, and exfiltration of local files. The vulnerability was fixed in Google Chrome version 143.0.7499.192, released in January.
Researchers emphasize that agentic AI features, while promising, introduce new cybersecurity challenges. Such features are susceptible to attacks like prompt injection, which can compromise user data and privacy. Users are strongly advised to update Chrome promptly to mitigate these risks.




