Google has just patched a security vulnerability in the Gemini sidebar that could have become a gateway for hackers to our most private data. As reported by Digital Trends, the bug, tracked as CVE-2026-0628, allowed malicious extensions to inject code directly into the AI assistant. Because Gemini has high system permissions in Chrome, this vulnerability was particularly dangerous for the average user.
What could hackers extract from your computer?
Researchers from Unit 42 (Palo Alto Networks) demonstrated that taking over the Gemini panel gave an attacker permissions that regular browser extensions do not have. In the worst-case scenario, an attacker could gain access to the microphone and camera without any visible consent from the user, as well as take real-time screenshots of the pages being browsed.
But that's not all. The vulnerability allowed for reading local files and directories directly from the operating system and executing malicious scripts within the Gemini interface. In short: the assistant, which was meant to help with daily web browsing, could become a spying tool operating in the background of the browser.
Update Chrome if you haven't done so!
The good news is that the bug was reported to Google back in October 2025, and the official patch reached users after internal testing in January 2026. However, today's reports remind us of a broader issue: AI integration presents a new level of risk, as these algorithms require much deeper access to the system than standard features.
Source: Digital Trends
Choose TV Editorial Team












