Google has just patched a security vulnerability in the Gemini sidebar that could have become a gateway for hackers to our most private data. As reported by Digital Trends, the bug, tracked as CVE-2026-0628, allowed malicious extensions to inject code directly into the AI assistant. Because Gemini has high system privileges in Chrome, this vulnerability was particularly dangerous for the average user.
What could hackers extract from your computer?
Researchers from Unit 42 (Palo Alto Networks) demonstrated that taking control of the Gemini panel opened the door to permissions that ordinary browser extensions do not have. In the worst-case scenario, an attacker could gain access to the microphone and camera without any visible user consent, as well as take screenshots of viewed pages in real time.
However, that is not all. The vulnerability allowed reading local files and directories directly from the operating system and executing malicious scripts within the Gemini interface. In short: the assistant that was supposed to help with everyday web browsing could become a spy tool operating in the background of the browser.
Update Chrome if you haven't done so!
The good news is that the bug was reported to Google back in October 2025, and the official fix reached users after internal testing in January 2026. However, today's reports remind us of a broader issue: AI integration brings a new level of risk, as these algorithms require significantly deeper insight into the system than standard features.
Source: Digital Trends
Choose TV editorial team













