From Tokyo: The race to embed artificial intelligence inside everyday software is accelerating at a pace that sometimes outstrips the security thinking that should accompany it. A freshly disclosed vulnerability in Google Chrome's Gemini Live feature is the latest illustration of that gap, and it carries consequences serious enough to warrant the attention of anyone using the world's most popular browser.
Palo Alto Networks' Unit 42 threat research team disclosed on Monday that it had uncovered CVE-2026-0628, a high-severity flaw rated 8.8 out of 10 on the Common Vulnerability Scoring System. The vulnerability sits inside Google's implementation of the Gemini feature in Chrome and allows an attacker to tap into the browser environment and access files on the local operating system, specifically by enabling malicious extensions with only basic permissions to hijack the Gemini Live browser panel.
Such an attack could escalate privileges and enable actions including accessing the victim's camera and microphone without consent, taking screenshots of websites, and accessing local files and directories. In a corporate environment, that is not a theoretical inconvenience. A malicious extension gaining access to the camera, microphone and local files of workers represents a genuine danger to any organisation.
The researchers found that an extension with access to a basic permission set through the declarativeNetRequests API could inject JavaScript code into the Gemini panel, a capability the API allows so extensions can intercept and modify properties of HTTPS web requests and responses. In short, a feature designed for legitimate purposes such as ad-blocking was left exposed in a way that could be turned against users.
Unit 42 responsibly disclosed the vulnerability to Google on 23 October 2025. Google was able to reproduce the exploit conditions and issued a fix in early January 2026. The upstream fix was placed in Chrome stable update 143.0.7499.192 and 143.0.7499.193. Users who have not updated to that version or later remain exposed.
The responsible disclosure process here worked as intended, and Google's response was reasonably prompt. That is worth acknowledging. Critics who reflexively frame every corporate security story as negligence should weigh the fact that a flaw discovered in October was patched inside three months, before any known exploitation in the wild. The system, imperfect as it is, functioned.
That said, the structural concern this vulnerability exposes is harder to patch than a single CVE. The risk of vulnerabilities like this one grows as AI becomes more deeply integrated into browser design, because AI technology creates a new risk model: it is not merely displaying content as a traditional browser does, but actively acting upon it. To perform tasks, AI browsers must be granted privileged access to the browsing environment so they can see what the user sees and get context from the website, but that expanded capability introduces a new and widened attack surface with security implications not present in traditional browsers.
Advocates for aggressive AI browser integration point out, reasonably, that these features deliver genuine productivity gains and that the answer to security risk is better engineering, not retreat. There is also a competitive reality: if Google restrains Gemini's browser capabilities, rivals will not. The question is whether the industry's security practices are keeping pace with its ambitions, and right now the evidence suggests the gap is widening.
For Australian enterprise users in particular, the implications extend to compliance obligations. Organisations operating under the Privacy Act carry legal exposure if employee data is accessed through a compromised browser, even when that compromise flows from a third-party extension rather than a deliberate internal failure. IT administrators who have not locked down Chrome extension permissions in managed environments should treat this disclosure as a prompt to do so.
The practical advice for individual users is straightforward: check that Chrome has updated to version 143.0.7499.192 or later by navigating to chrome://settings/help and allowing any available update to install. Enterprise teams should also inventory and remediate all embedded Chromium runtimes and Electron applications, since a host browser update does not automatically protect those environments. Users of other Chromium-based browsers, including Microsoft Edge, Brave, and Opera, should monitor their respective release channels for patches ingesting the same upstream fix.
The deeper lesson is one that the technology industry keeps relearning. Convenience and capability come with costs, and those costs are not always visible until a researcher finds them first. On this occasion, Unit 42 found the problem before the attackers did. Next time, the margin may be thinner.