A vulnerability in Gemini Live allowed malicious code to be injected into the interface.

A vulnerability in Chrome’s Gemini Live panel allowed malicious extensions to inject JavaScript into the privileged AI assistant interface. This flaw could enable attackers to spy on users by accessing local files, taking screenshots, and activating the camera and microphone without consent. The issue stemmed from insufficient policy enforcement in Chrome’s WebView tag, later patched in version 143.

Read more:

https://www.securityweek.com/vulnerability-allowed-hijacking-chromes-gemini-live-ai-assistant/