Attackers could have exploited the vulnerability to escalate privileges, violate user privacy while browsing, and access sensitive resources

DR (DZone Research) offers insights into software development trends, industry surveys, and technology adoption patterns, providing reports, whitepapers, and analyst insights to help businesses make informed decisions and stay competitive in the ever-evolving tech landscape. By exploring DR's curated content, developers can gain insights into emerging technologies, developer preferences, and industry best practices for building innovative and market-leading software solutions. Whether you're a startup founder, product manager, or tech executive, DR offers resources to guide your strategic planning and drive business success.

Dark Reading

Google has patched a high-severity vulnerability (CVE-2026-0628) in the Gemini AI side panel within Chrome, discovered by Palo Alto Networks' Unit 42. The flaw allowed malicious browser extensions with only basic permissions to escalate privileges via the declarativeNetRequests API, enabling JavaScript injection into the trusted Gemini panel. This could have granted attackers access to the user's camera, microphone, screenshots, and local files. The bug was demonstrated in October, reproduced by Google, and patched in early January. Researchers warn that agentic AI browsers introduce a fundamentally new attack surface, as they don't just display content but act on it with elevated privileges, requiring native, continuous security controls built directly into the browser.

Bug in Google's Gemini AI Panel Opens Door to Hijacking