Support our independent tech coverage. Chrome Unboxed is written by real people, for real people—not search algorithms. Join Chrome Unboxed Plus for just $2 a month to get an ad-free experience, access to our private Discord, and more. Learn more about membership here.
START FREE TRIAL (MONTHLY)START FREE TRIAL (ANNUAL)
If, like me, you’ve been enjoying the convenience of having Google’s Gemini AI tucked into your Chrome side panel, you need to take a moment to check your installation of Chrome for the latest update. A recently disclosed vulnerability, labeled CVE-2026-0628, revealed that the Gemini panel essentially left a backdoor open for hackers to hijack your browser and access sensitive data.
The flaw was discovered by researchers at Palo Alto Networks’ Unit 42, and it highlights the growing security challenges that come with integrating powerful AI directly into the browsing experience.
How the exploit worked
The issue stemmed from how Chrome managed permissions for the Gemini side panel. Because this panel runs with elevated system privileges, it has deeper access to your computer than a standard webpage.
Researchers found that malicious browser extensions (even those with only basic permissions) could inject code into the Gemini interface. Once hijacked, an attacker could potentially:
- Access your camera and microphone without your consent.
- Take screenshots of any webpage you are currently viewing.
- Read local files and directories directly from your operating system.
- Execute malicious scripts with powerful, system-level privileges.
The fix is already live
The good news is that Google has already addressed the issue. The vulnerability was privately disclosed to the company in October 2025, and a permanent fix was rolled out in January 2026.
However, security is only effective if you actually apply the update. If you are one of those users who leaves your browser open for weeks at a time without restarting, you might still be at risk.
Why AI features are “high-risk”
This incident underscores a broader warning from security experts: AI-powered browser features are a double-edged sword. To be useful, they often require deeper access to the system and the content of your tabs. This deeper access creates new vectors for attackers that didn’t exist in the pre-AI era of browsing.
As Digital Trends points out, the takeaway for the everyday user is simple: Update Chrome immediately. To check your version and trigger an update, go to Settings > About Chrome. If you aren’t on the latest version, let the browser update and restart it as soon as possible to ensure that security hole is firmly closed.
SUBSCRIBE TO UPSTREAM
Get Chrome Unboxed delivered straight to your inbox
Upstream is our flagship, curated newsletter with the top stories, most click-worthy deals, giveaways, and trending articles from Chrome Unboxed sent directly to your inbox a few times a week. Join 31,000+ subscribers.
