Security Researchers Uncover Critical Vulnerability in Chrome Browser
Security researchers from Palo Alto Networks’ Unit 42 have uncovered a critical vulnerability in the Chrome browser, tracked as CVE-2026-0628. The flaw affects the browser’s Gemini AI feature, which is designed to help users complete tasks, search information, and automate workflows.
The vulnerability stems from insufficient policy enforcement in the WebView tag used by the Gemini panel inside the browser. An attacker who convinces a user to install a seemingly harmless extension could use that extension to inject malicious scripts or HTML into the browser page.
Google Releases Patch for Vulnerability
Google has patched the vulnerability in Chrome browser versions 143.0.7499.192 and 143.0.7499.193 for Windows and macOS, with a similar patch for Linux. Users are strongly advised to install the latest update as soon as it appears in the browser’s update notification.
The patch addresses the issue by enforcing stricter policy within the WebView tag, preventing attackers from injecting malicious scripts or HTML into the browser page.
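For administrators checking a fleet against the fixed builds named above, the following is an added example, not code from the article, Unit 42 or Google. Host names and version strings are constructed, and it assumes any Windows or macOS build at or above 143.0.7499.192 carries the fix; the article gives no Linux build number, so Linux hosts are flagged for manual review.

```python
import re

# Fixed build from the article; stated for Windows and macOS only.
FIXED_BUILD = {
    "windows": (143, 0, 7499, 192),
    "macos": (143, 0, 7499, 192),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Pull a four-part version out of strings like 'Google Chrome 143.0.7499.109'."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(os_name, version_text):
    """Return 'patched', 'below_fix', 'review' or 'unparseable' for one host."""
    version = parse_version(version_text)
    if version is None:
        return "unparseable"
    fixed = FIXED_BUILD.get(os_name.lower())
    if fixed is None:
        return "review"  # no fixed build known for this platform
    # Tuple comparison is numeric per component, so build 99 < build 192
    # (a plain string comparison would get this wrong).
    return "patched" if version >= fixed else "below_fix"


def audit(inventory):
    """Group host names by classification."""
    report = {}
    for host, os_name, version_text in inventory:
        report.setdefault(classify(os_name, version_text), []).append(host)
    return report


# Constructed inventory rows: (host, platform, reported version string).
SAMPLE_INVENTORY = [
    ("ws-001", "Windows", "Google Chrome 143.0.7499.109"),
    ("ws-002", "Windows", "143.0.7499.192"),
    ("mac-001", "macOS", "Google Chrome 143.0.7499.193"),
    ("mac-002", "macOS", "Google Chrome 142.0.7000.10"),
    ("lin-001", "Linux", "Google Chrome 143.0.7499.192"),
    ("ws-003", "Windows", "chrome not found"),
    ("ws-004", "Windows", "Google Chrome 143.0.7499.99"),
]

if __name__ == "__main__":
    for status, hosts in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```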
Implications and Next Steps
The vulnerability has significant implications for Chrome users, as attackers could exploit the flaw to spy on users or steal sensitive data. Security experts warn that attackers could access webcams or microphones, take screenshots, read local files, or launch phishing attacks.
As a result, users are advised to be cautious when installing extensions and to only install them from trusted sources. Additionally, users should ensure that their browser is up to date with the latest security patches to prevent exploitation of this vulnerability.