Flaw in Chrome’s Gemini Live gave attackers access to user cameras and microphones

A high-severity vulnerability in Google’s Gemini Live in-browser AI assistant created significant privacy and security risks for Chrome users.

Gemini Live runs in a side panel, summarizing web content in real time and handling tasks like automated actions, and requires deep, privileged access to the browsing environment, including media devices and files.

The flaw, tracked as CVE-2026-0628, allows malicious extensions with basic permissions to 'hijack' the new feature, giving attackers access to webcams, microphones, and private files.

Palo Alto Unit 42 researchers said this vulnerability could have allowed malicious browser extensions with only basic permissions to escalate privileges and access the victim's camera and microphone without consent.

Thereafter, a threat actor could take screenshots of any website and access local files and directories.

“Today’s agentic browsers can act on your behalf — researching, reasoning and taking action without direct user input. While this can deliver meaningful productivity gains, in the absence of enterprise-grade controls these tools can take autonomous actions beyond IT oversight," warned Anupam Upadhyaya, SVP, product management, Prisma SASE, Palo Alto Networks.

"By inheriting a user’s browser session and accessing screens, files, cameras and microphones, agentic browsers can expand the attack surface through prompt manipulation and weakened web isolation, creating security and accountability gaps enterprises haven’t faced before."

How the Gemini Live flaw works

Researchers found that an extension with access to a basic permission set through the declarativeNetRequests API could have enabled an attacker to inject JavaScript code into the new Gemini panel.

The API allows extensions to intercept and change properties of HTTPS web requests and responses – needed for legitimate purposes, such as allowing AdBlock to stop requests that could lead to privacy-undermining ads.

However, when loaded within the new side panel, rather than a standard tab, a flaw emerges in the ability to intercept and change properties of hxxps[:]//gemini.google[.]com/app.

As a result, attackers could run arbitrary code at hxxps[:]//gemini.google[.]com/app under the new Gemini browser panel. As a privileged component of the browser itself, code running within the Gemini panel could access capabilities unavailable to the extension that injected the code initially.

Attackers could start the camera and microphone of the browser without asking for user consent, reach local files and directories of the underlying operating system, take screenshots of tabs showing any website that serves over HTTPS, and hijack the panel into carrying out a phishing attack.

"Innovation can’t come at the expense of security," said Upadhyaya. "If organizations choose to deploy agentic browsers, they must treat them as high-risk infrastructure, with runtime visibility, enforced policy controls and hardened guardrails built in from day one. Anything less invites compromise.”

Unit 42 shared the issue with Google in October via coordinated vulnerability disclosure, with Google releasing a fix in early January.

FOLLOW US ON SOCIAL MEDIA

Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.

You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.