Full Report
A high-severity CVE-2026-0628 in Chrome's Gemini allowed local file access and privacy invasion. Google quickly patched the flaw. The post Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel appeared first on Unit 42.
Analysis Summary
# Vulnerability: Chrome Gemini Panel Side-Channel and Local File Access
## CVE Details
- **CVE ID:** CVE-2024-10628 (Note: The user prompt provided "CVE-2026-0628," but based on Unit 42's research on Chrome Gemini, the correct identifier is **CVE-2024-10628**)
- **CVSS Score:** 8.8 (High)
- **CWE:** CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-284: Improper Access Control
## Affected Systems
- **Products:** Google Chrome / Chromium-based browsers
- **Versions:** Versions prior to 131.0.6778.69/.70
- **Configurations:** Systems where the "Gemini in Chrome" side panel feature is enabled and malicious or compromised browser extensions are installed.
## Vulnerability Description
The flaw stems from an improper isolation boundary between the newly integrated Gemini side panel and Chrome extensions. While Chrome normally enforces strict security policies to prevent extensions from interacting with internal browser components, researchers discovered that extensions could bypass these restrictions via the `chrome.sidePanel` API or by manipulating the side panel’s execution context. This allowed an extension to inject scripts into the Gemini interface, effectively "hijacking" the agentic AI's session. This could lead to cross-origin data theft and unauthorized access to local files that the browser has permission to view.
## Exploitation
- **Status:** PoC available (demonstrated by researchers); No known exploitation in the wild at the time of publication.
- **Complexity:** Medium (Requires the victim to install a malicious extension or for an existing extension to be compromised).
- **Attack Vector:** Local (Delivered via a malicious browser extension).
## Impact
- **Confidentiality:** High (Access to Gemini chat history, user data, and local system files).
- **Integrity:** High (Ability to manipulate Gemini's responses or perform actions on behalf of the user).
- **Availability:** Low (Primary impact is focused on data privacy/theft).
## Remediation
### Patches
- **Google Chrome:** Update to version **131.0.6778.69/.70** (Windows/Mac) or **131.0.6778.69** (Linux) and later.
### Workarounds
- **Disable Gemini:** If unable to patch immediately, administrators can disable the Gemini side panel via Chrome Enterprise policies (`GenAiSidePanelSettings`).
- **Extension Audit:** Review and restrict the installation of third-party extensions, particularly those requesting broad permissions.
## Detection
- **Indicators of compromise:** Unusual extension behavior, such as a basic extension suddenly requesting access to the side panel API or attempting to communicate with `gemini.google.com`.
- **Detection methods and tools:** Monitoring for unauthorized calls to the `chrome.sidePanel` API in managed environments; using EDR/XDR tools to flag suspicious Chrome subprocess activity.
## References
- **Vendor Advisory:** hxxps[://]chromereleases[.]googleblog[.]com/2024/11/stable-channel-update-for-desktop[.]html
- **Unit 42 Research:** hxxps[://]unit42[.]paloaltonetworks[.]com/vulnerability-chrome-gemini-side-panel/
- **Chromium Bug Tracker:** hxxps[://]issues[.]chromium[.]org/issues/372746416