A recently disclosed vulnerability in Google’s Gemini AI panel could have allowed hackers to hijack the feature and access sensitive data on a user’s device. Researchers at Palo Alto Networks’ Unit 42 first discovered the flaw, which is labeled as CVE-2026-0628.
According to the report, the issue stemmed from how Chrome handled permissions for the Gemini side panel. This is a browser feature that integrates Google’s AI assistant directly into the browsing experience. The discovered vulnerability could have enabled malicious browser extensions with basic permissions to inject code into the Gemini panel.
Gemini in action in Chrome. GoogleRecommended Videos
Since the Gemini panel runs with elevated privileges in Chrome, attackers could exploit the flaw and gain access to systems that are normally restricted.
What hackers could’ve done with the exploit
Once the Gemini panel is hijacked, the attacker
...Keep reading this article on Digital Trends.
