Redakcja Choose TV
Google has just patched a security vulnerability in the Gemini sidebar that could have become a gateway for hackers to our most private data. As reported by Digital Trends, the bug marked as CVE-2026-0628 allowed malicious extensions to inject code directly into the AI assistant. Due to Gemini's high system permissions in Chrome, this vulnerability was exceptionally dangerous for the average user.
What could hackers extract from your computer?
Researchers from Unit 42 (Palo Alto Networks) have shown that taking over the Gemini panel opens doors to permissions that ordinary browser extensions do not have access to. In the worst-case scenario, an attacker could gain access to the microphone and camera without any visible consent from the user, as well as take screenshots of the web pages being viewed in real-time.
But that’s not all. The vulnerability allowed for reading local files and directories directly from the operating system and executing malicious scripts within the Gemini interface. In short: the assistant that was meant to help with everyday web browsing could become a spy tool operating in the background of the browser.
Update Chrome if you haven't already!
The good news is that the error was reported to Google back in October 2025, and the official fix was delivered to users after internal testing in January 2026. However, today's reports remind us of a broader issue: AI integration involves a new level of risk, as these algorithms require much deeper insight into the system than standard features.
Source: Digital Trends
