Chrome Gemini Flaw Enables Rogue Extension Escalation

Chrome security hole lets rogue extensions exploit Gemini AI for system access
30-Second TL;DR
What Changed
High-severity bug in Chrome's Gemini Live AI panel
Why It Matters
This vulnerability exposes Chrome users to risks from malicious extensions exploiting AI features, potentially leading to system compromise. AI practitioners integrating browser-based AI should prioritize extension security reviews. It highlights risks in embedding LLMs within browsers.
What To Do Next
Audit Chrome extensions interacting with Gemini panel for privilege escalation risks.
Deep Insight
Web-grounded analysis with 7 cited sources.
Enhanced Key Takeaways
- The vulnerability (CVE-2026-0628), nicknamed 'Glic Jack,' exploited Chrome's declarativeNetRequest API to inject JavaScript into the privileged Gemini panel, bypassing the normal extension permission model that would restrict such access[3].
- Google integrated Gemini into Chrome in September 2025 via a new 'chrome://glic' URL using a WebView component, creating an attack surface that researchers discovered within months of deployment[3].
- The flaw enabled attackers to access protected browser capabilities (camera, microphone, local files, screenshots) without additional user consent beyond the initial extension installation, effectively granting privilege escalation beyond what the extension's declared permissions should allow[2].
- Palo Alto Networks' Gal Weizman reported the vulnerability on November 23, 2025, and Google patched it in early January 2026, demonstrating a roughly 6-week remediation cycle for a high-severity flaw[3].
Technical Deep Dive
- The vulnerability leveraged the declarativeNetRequest API, which allows extensions to intercept and modify network requests, to inject arbitrary JavaScript code into the Gemini panel[2][3].
- Chrome's Gemini panel operates as a privileged WebView component loaded via 'chrome://glic' that hosts the gemini.google.com web app with elevated capabilities including file system access, camera/microphone control, and screenshot functionality[3].
- The attack vector required only basic extension permissions; malicious code could run at 'gemini.google.com/app' within the panel context and inherit the panel's elevated privileges, bypassing the standard extension sandbox[3].
- The flaw exposed a fundamental architectural issue: intercepting JavaScript in a normal tab is trivial and unprivileged, but the same injection into the Gemini panel granted access to powerful browser APIs normally restricted to trusted components[2].
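The audit step in "What To Do Next" can be started statically from an extension's manifest and rule files. The helper below is an added example, not code from the article, Unit 42 or Google: it flags enabled declarativeNetRequest redirect or modifyHeaders rules whose condition could apply to gemini.google.com, the origin the panel loads. The manifest and rule set are constructed, and the probe URLs and the urlFilter-to-regex translation are approximations of Chrome's matching.

```python
# Added audit helper, constructed for this example (not the article's or Unit 42's code).
import re

GEMINI_HOST = "gemini.google.com"  # origin the chrome://glic panel loads
RISKY_ACTIONS = {"redirect", "modifyHeaders"}  # can swap or alter what the panel loads
PROBE_URLS = ["https://gemini.google.com/app",  # representative panel requests used to
              "https://gemini.google.com/app/main.js"]  # test urlFilter / regexFilter

def url_filter_to_regex(f: str) -> str:
    """Approximate DNR urlFilter syntax ('||', '|', '*', '^') as a Python regex."""
    prefix, suffix = "", ""
    if f.startswith("||"):
        f, prefix = f[2:], r"^[a-z]+://([^/]*\.)?"  # '||' anchors at a (sub)domain
    elif f.startswith("|"):
        f, prefix = f[1:], "^"
    if f.endswith("|"):
        f, suffix = f[:-1], "$"
    body = "".join(".*" if c == "*" else r"(?:[^A-Za-z0-9_.%-]|$)" if c == "^"
                   else re.escape(c) for c in f)
    return prefix + body + suffix

def condition_can_hit_gemini(cond: dict) -> bool:
    """True unless the condition clearly scopes the rule away from the Gemini origin."""
    doms = cond.get("requestDomains")
    if doms and not any(GEMINI_HOST == d or GEMINI_HOST.endswith("." + d) for d in doms):
        return False
    pattern = cond.get("regexFilter") or (  # no URL filter at all: the rule applies everywhere
        url_filter_to_regex(cond["urlFilter"]) if "urlFilter" in cond else ".*")
    return any(re.search(pattern, u) for u in PROBE_URLS)

def audit_extension(manifest: dict, rule_sets: dict) -> list:
    """One finding per enabled static rule that could touch the Gemini origin."""
    findings = []
    for res in manifest.get("declarative_net_request", {}).get("rule_resources", []):
        for rule in (rule_sets.get(res["path"], []) if res.get("enabled") else []):
            act = rule.get("action", {}).get("type")
            if act in RISKY_ACTIONS and condition_can_hit_gemini(rule.get("condition", {})):
                findings.append(f"{res['path']}#{rule['id']}: {act} rule can apply to {GEMINI_HOST}")
    return findings

# Constructed sample: a benign blocker, a redirect aimed at the Gemini app, a rule scoped elsewhere.
SAMPLE_MANIFEST = {"manifest_version": 3, "permissions": ["declarativeNetRequest"],
    "declarative_net_request": {"rule_resources": [{"id": "rs", "enabled": True, "path": "rules.json"}]}}
SAMPLE_RULES = {"rules.json": [
    {"id": 1, "action": {"type": "block"}, "condition": {"urlFilter": "||ads.example"}},
    {"id": 2, "action": {"type": "redirect", "redirect": {"extensionPath": "/patched.js"}},
     "condition": {"urlFilter": "||gemini.google.com/app", "resourceTypes": ["script"]}},
    {"id": 3, "action": {"type": "modifyHeaders"}, "condition": {"requestDomains": ["docs.example"]}}]}
```

Dynamic and session rules added at runtime through the API are not in these static files, so this check covers only the rules shipped with the extension.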
Sources (7)
Factual claims are grounded in the sources below. Forward-looking analysis is AI-generated interpretation.
- securityaffairs.com - Chrome Security Flaw Enabled Spying via Gemini Live Assistant
- unit42.paloaltonetworks.com - Gemini Live in Chrome Hijacking
- thehackernews.com - New Chrome Vulnerability Let Malicious
- securityweek.com - Vulnerability Allowed Hijacking Chrome's Gemini Live AI Assistant
- cisoseries.com - Cybersecurity News: Chrome Quantum Safe Certificates, Gemini Live Vulnerability, UK Warns of Iranian Cyberattacks
- darkreading.com - Bug: Google Gemini AI Panel Hijacking
- bughunters.google.com - Chrome Vulnerability Reward Program Rules
AI-curated news aggregator. All content rights belong to original publishers.
Original source: The Register - AI/ML