Check if your Chrome is up to date: Google’s Gemini might still be spying on you


This is why you need to update your Chrome. A patched Chrome vulnerability could have turned Google’s Gemini AI into a built-in surveillance tool.

If you have not updated Google Chrome since January, this is your friendly reminder. The patch is already out. The vulnerability details are just catching up.

In January, Google released Chrome patches without much explanation of the newly discovered vulnerabilities, prompting users to update quickly.


The company had been tipped off by researchers at Unit 42, who discovered a high-severity vulnerability (CVE-2026-0628) tied to Chrome’s AI assistant feature, Gemini.


Security researchers have now released a more detailed report, warning that a now-patched Chrome vulnerability could have allowed attackers to hijack users’ cameras and microphones and browse through local files.

The most worrying part is that hijacking Google’s AI assistant would have enabled phishing attacks from within the browser’s Gemini panel, which users might click without giving a second thought.

AI integrated into browsers could become a surveillance tool

Google’s built-in AI assistant lives in a sidebar in the browser. It can summarize pages, automate tasks, and interact with content in real time.

It is part of a broader wave of so-called “AI browsers,” in which assistants like Copilot in Edge or Gemini in Chrome operate directly within the browsing environment.

Such features carry risk, and this is precisely where Unit 42 identified a high-severity vulnerability: Chrome’s Gemini Live panel.

Researchers found that a malicious browser extension with relatively basic permissions could inject JavaScript into the Gemini panel.

Inside the panel, Gemini has elevated access to the browser environment. Gemini can interact with local files. It can take screenshots or access the camera and microphone. These capabilities are designed to power advanced AI features. But if hijacked, they become a surveillance toolkit.

“Since the Gemini app relies on performing actions for legitimate purposes, hijacking the Gemini panel allows privileged access to system resources that an extension would not normally have,” researchers said.

What could attackers have done?

According to Unit 42, an attacker exploiting the flaw could have:

  • Accessed the victim’s camera and microphone without consent
  • Taken screenshots of any HTTPS website
  • Reached local files and directories on the operating system
  • Displayed phishing content inside the trusted Gemini panel

Even more concerning, the researchers demonstrated that these actions could be triggered with minimal user interaction.

“We could accomplish the above actions while requiring no user interaction, other than starting Gemini by clicking the Gemini button from the browser window's title bar,” they explained.

Because the Gemini panel is a built-in browser component, users are more likely to trust what appears inside it. A phishing page rendered there would not feel like a random pop-up, but rather like a native experience.


Update first, panic later

The good news is that Google fixed the issue in early January, before technical details were published.

Another piece of good news is that Chrome updates are automatic. Updates usually apply when you close and reopen the browser.


However, the bad news is that some of us never close the browser. This habit might postpone updates for weeks or even months.

If you are unsure whether your Chrome is up to date, check it now. You can do it by:

  • Opening the three-dot menu at the right corner of the Chrome browser.
  • Going to “Settings”.
  • Picking “About Chrome” at the bottom.
  • There you will find information about your current browser version, and you will be prompted to relaunch if needed.
