Google has fixed a high-severity flaw in its implemention of Gemini AI in the Chrome browser that could have allowed attackers to escalate privileges, violate user privacy while browsing, and access sensitive system resources. Researchers said that the vulnerability demonstrates new security hazards that come with the deployment and use of agentic browsers that have AI built in. Specifically, the flaw tracked as CVE-2026-0628 could have allowed malicious browser extensions with only basic permissions to escalate privileges to access the victim’s camera and microphone without consent; take screenshots of any website; and access local files and directories, according to a report published today by researchers from Palo Alto Networks’ Unit 42 who discovered the flaw.

Full report : Attackers could have exploited the vulnerability to escalate privileges, violate user privacy while browsing, and access sensitive resources.