High-Severity Chrome Vulnerability Exposed AI Assistant to Hijacking – What Computer Users Need to Know
A critical security flaw in Google Chrome’s embedded Gemini AI assistant has put millions of users at risk of silent surveillance, local file theft, and sophisticated phishing attacks. The vulnerability, tracked as CVE-2026-0628, allowed malicious browser extensions to hijack Chrome’s “Live in Chrome” panel and gain unauthorized access to cameras, microphones, screenshots, and local files—all without triggering new consent prompts.[1][2][3]
If you’re experiencing unexpected camera activations, unexplained system slowdowns, or suspicious browser behavior after this vulnerability disclosure, Goinsta Repairs offers nationwide remote computer repair services with our flat-rate $139 emergency troubleshooting package. Our certified technicians can audit your extensions, verify your Chrome version is patched, and remove any malicious software—all from the safety of your home.
What Happened: The “Glic Jack” Exploit
Google patched this high-severity flaw in early January 2026, but the incident reveals how AI-powered browsers are fundamentally changing the security landscape. Chrome’s Gemini “Live in Chrome” panel runs as a privileged browser component with extraordinary capabilities: it can read local files, take screenshots of any website (even over HTTPS), and activate your camera and microphone to automate multi-step tasks.[2][3][1]
Security researchers at Palo Alto Networks Unit 42 discovered that a basic browser extension using the declarativeNetRequest API—the same permission used by legitimate ad blockers—could inject malicious JavaScript code into the Gemini side panel when it loaded the gemini.google.com/app web app. Because the Gemini panel is a trusted, high-privilege component of Chrome itself, any code running inside it inherited those powerful capabilities.[3][4][1][2]
In practical terms, this meant a seemingly harmless extension with basic permissions could:
- Activate your camera and microphone without any visible consent prompt
- Enumerate and access local files and directories on your operating system
- Take screenshots of any website you visit, including banking and email sites
- Turn the Gemini panel into a phishing interface that looks completely legitimate[1][2][3]
Normally, browser extensions are isolated from core browser components and other extensions. But CVE-2026-0628 broke that isolation boundary, letting a low-privilege extension effectively “drive” a privileged AI assistant and steal its powers.[2][1]
The Bigger Risk: Agentic Browsers Are Expanding Attack Surfaces
This vulnerability is just one example of a much broader security challenge in 2026. Agentic browsers—including Chrome with Gemini, Microsoft Edge with Copilot, and newer AI-first browsers like Atlas and Comet—embed AI side panels that see everything you do, maintain context across sessions, and can autonomously execute multi-step actions like form filling, summarization, and task automation.[5][6][7]
These assistants need broad access to function:
- Everything you see and interact with on the screen
- Local files for document analysis and automation
- Application data including emails, messages, and calendar entries in some designs
- Multi-step execution authority to click buttons, submit forms, and navigate sites on your behalf[6][5][1]
That combination of visibility, access, and autonomy makes AI browser assistants an attractive “command broker” for attackers. If an attacker can inject instructions into the assistant—whether through a vulnerable extension, prompt injection hidden in a website, or a compromised supply chain component—they gain a powerful automation engine with legitimate access to your most sensitive data.[7][5][6][1]
Industry research confirms this isn’t theoretical: 43% of AI agent implementations analyzed in early 2026 had flaws that let attackers execute arbitrary commands on the host system, and only 8.5% used modern OAuth authentication instead of static API keys that never rotate. Similar high-severity vulnerabilities have been disclosed in ServiceNow, OpenAI, GitHub Copilot, and Microsoft Copilot since mid-2025.[7]
Gartner has advised most organizations to avoid agentic browsers entirely, arguing that the risks currently outweigh productivity benefits for many enterprises.[4]
How to Stay Safe: Immediate Actions for Chrome Users
Google shipped fixes for CVE-2026-0628 in early January 2026, so any Chrome version released after January 2026 is not vulnerable. Here’s what you need to do right now:[3][1][2]
1. Update Chrome Immediately
Open Chrome, go to Settings → About Chrome, and verify you’re running version 143 or newer. If you’re on an older version, update immediately—especially if you’ve enabled or used the “Live in Chrome” Gemini panel.[1][2][3]
2. Audit Your Installed Extensions
Go to chrome://extensions and review every installed extension. Remove anything you don’t actively use or can’t identify. Look for:[8][9][10]
- Extensions with no clear developer or contact information
- Extensions that haven’t been updated in over 6 months (60% of Chrome extensions have never received a security update)[9]
- Extensions that request excessive permissions unrelated to their stated function (e.g., a note-taking extension asking for camera access)[8][9]
- Extensions that recently changed permissions after an update without clear explanation[8]
Pro tip: Use Chrome’s built-in Task Manager (Shift + Esc) to identify extensions consuming excessive memory or CPU—these can be signs of malicious background activity.[10]
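One way to make the audit in steps 2 repeatable, as an added example that is not part of the original article or of the Unit 42 research: a small script that walks a Chrome profile's `Extensions/` directory, reads each extension's `manifest.json`, and flags the things the list above tells you to look for: permissions that can rewrite page traffic (the `declarativeNetRequest` family the article mentions, which legitimate ad blockers also use), permissions that reach devices or capture the screen, access to every site, and extensions whose installed version has not changed in over six months. The two manifests in `demo()` are constructed for illustration; the risk grouping is this example's own judgement, not a Chrome classification.

```python
"""Audit the extensions installed in a Chrome profile for permissions worth questioning.

Added example (not code from the article or from Unit 42). Default Extensions/ paths:
  Windows: %LOCALAPPDATA%\\Google\\Chrome\\User Data\\Default\\Extensions
  macOS:   ~/Library/Application Support/Google/Chrome/Default/Extensions
  Linux:   ~/.config/google-chrome/Default/Extensions
"""
import json
import os
import tempfile
import time
from pathlib import Path
from typing import List, Optional

# Permission groups a user should be able to explain for every extension they keep.
TRAFFIC_REWRITE = {
    "declarativeNetRequest", "declarativeNetRequestWithHostAccess",
    "declarativeNetRequestFeedback", "webRequest", "webRequestBlocking",
}
DEVICE_OR_CAPTURE = {"desktopCapture", "tabCapture", "audioCapture",
                     "videoCapture", "nativeMessaging", "debugger"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
STALE_AFTER_DAYS = 180  # the article's "not updated in over 6 months" threshold


def audit_manifest(manifest: dict, age_days: float = 0.0) -> dict:
    """Return the findings for one parsed manifest.json."""
    perms = set(manifest.get("permissions", []))
    # MV2 manifests list host patterns inside "permissions"; MV3 uses host_permissions.
    hosts = set(manifest.get("host_permissions", []))
    hosts |= {p for p in perms if "://" in p or p == "<all_urls>"}
    return {
        # Localized extensions show a "__MSG_...__" key here rather than a readable name.
        "name": manifest.get("name", "<unnamed>"),
        "version": manifest.get("version", "?"),
        "rewrites_traffic": sorted(perms & TRAFFIC_REWRITE),
        "device_access": sorted(perms & DEVICE_OR_CAPTURE),
        "all_sites": bool(hosts & BROAD_HOSTS),
        "stale": age_days > STALE_AFTER_DAYS,
    }


def audit_profile(extensions_dir: Path, now: Optional[float] = None) -> List[dict]:
    """Walk Extensions/<id>/<version>/manifest.json and audit each installed extension."""
    now = time.time() if now is None else now
    findings = []
    for manifest_path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, json.JSONDecodeError):
            continue  # unreadable or half-written manifest: skip it rather than abort
        # mtime is when this version was unpacked locally, a proxy for "last updated".
        age_days = (now - manifest_path.stat().st_mtime) / 86400
        result = audit_manifest(manifest, age_days)
        result["id"] = manifest_path.parts[-3]
        findings.append(result)
    return findings


def needs_attention(finding: dict) -> bool:
    """True when at least one item in a finding deserves the user's review."""
    return bool(finding["rewrites_traffic"] or finding["device_access"]
                or finding["all_sites"] or finding["stale"])


# Constructed sample manifests: a plausible ad blocker, and a note-taking
# extension asking for screen capture it has no stated reason to need.
SAMPLE_MANIFESTS = {
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
        "name": "Sample Ad Blocker (constructed)", "version": "3.1.0",
        "manifest_version": 3,
        "permissions": ["declarativeNetRequest", "storage"],
        "host_permissions": ["<all_urls>"],
    },
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
        "name": "Sample Notes (constructed)", "version": "1.0.2",
        "manifest_version": 3,
        "permissions": ["storage", "desktopCapture", "tabs"],
    },
}


def demo() -> List[dict]:
    """Write the constructed manifests into a temporary profile and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        ext_dir = Path(tmp) / "Extensions"
        for ext_id, manifest in SAMPLE_MANIFESTS.items():
            path = ext_dir / ext_id / f"{manifest['version']}_0" / "manifest.json"
            path.parent.mkdir(parents=True)
            path.write_text(json.dumps(manifest), encoding="utf-8")
        # Backdate the notes extension by a year so the staleness rule fires.
        old = time.time() - 365 * 86400
        stale = ext_dir / "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb" / "1.0.2_0" / "manifest.json"
        os.utime(stale, (old, old))
        return audit_profile(ext_dir)


if __name__ == "__main__":
    for f in demo():
        flag = "REVIEW" if needs_attention(f) else "ok"
        print(f"[{flag}] {f['name']} {f['version']}: {f}")
```

Run it against a real profile by calling `audit_profile(Path(".../Extensions"))` with Chrome closed. A flagged extension is not proof of malice (every ad blocker will trip the traffic-rewrite check); the output is the shortlist of extensions whose permissions you should be able to justify before keeping them.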
3. Minimize Extension Use to Essential Functions Only
Every installed extension increases your attack surface. Security best practice is to keep only those extensions that are critical to your daily tasks, ideally from developers with active GitHub repositories, regular updates, and transparent contact information.[9][10][8]
For sensitive activities like online banking, tax preparation, or accessing medical records, create a separate Chrome profile with zero extensions or use a dedicated clean browser profile.[10][9]
4. Enable Chrome’s Enhanced Safe Browsing
Go to Chrome Settings → Privacy and Security → Security, and select Enhanced Protection. This setting checks websites and downloads against Google’s latest threat intelligence and warns you proactively about risky sites or malicious extension installs.[8]
5. Monitor for Anomalies
Watch for signs that an extension may have exploited this or a similar vulnerability:
- Camera or microphone activating unexpectedly without your explicit action
- Unexplained screenshots appearing in your downloads folder
- Gemini-related processes touching unusual file paths (visible in Chrome’s Task Manager)
- Sudden permission change notifications from extensions you’ve used for months[2][1]
If you notice any of these warning signs, disconnect from the internet immediately, remove the suspicious extension, run a full antivirus scan, and change passwords for any sensitive accounts you accessed during the affected period.[8]
When to Call Emergency Computer Repair
If you suspect your system has been compromised—whether through this Chrome vulnerability, a malicious extension, or any other security incident—time matters. The longer malicious software remains active, the more data it can exfiltrate and the deeper it can embed itself in your system.
Goinsta Repairs provides emergency remote computer repair services nationwide with our flat-rate $139 Remote Service—no hidden fees, no hourly billing surprises. Our technicians can:
✅ Perform comprehensive extension audits and remove malicious add-ons
✅ Verify your Chrome version is fully patched against CVE-2026-0628
✅ Run deep malware scans using enterprise-grade tools from our trusted partners including Malwarebytes, Kaspersky, and Avast Business[11]
✅ Check for signs of data exfiltration or unauthorized file access
✅ Harden your browser security settings to prevent future incidents
✅ Provide a detailed security report and ongoing protection recommendations
Call us now at 720-604-0834 or visit our nationwide remote services page to schedule same-day emergency support. We’re available 9 AM – 6 PM MST, Monday through Friday, with weekend emergency appointments available.[12][13]
The Long-Term Lesson: AI Security Is Different
The Chrome Gemini vulnerability exposes a fundamental truth about AI-integrated software: traditional security models built around data access and network boundaries are insufficient when AI agents can see, decide, and act autonomously.[5][6][7]
As security researchers at Palo Alto Networks note, “hijacking the Gemini panel allows privileged access to system resources that an extension would not normally have” because the AI assistant needs those privileges to perform its legitimate functions. This creates what experts call the “Lethal Trifecta”:[4][1]
- Access to sensitive data (emails, documents, local files, credentials)
- Exposure to untrusted content (web pages, user uploads, API responses)
- Ability to take autonomous action (click buttons, send emails, execute code)[7]
When all three properties exist in one system, exploitation becomes fundamentally easier. An attacker doesn’t need to steal credentials or break encryption—they just need to slip malicious instructions into content the AI will process, then let the AI use its own legitimate privileges to execute the attack.[6][5][7]
The OWASP Top 10 for Agentic Applications, released in late 2025 with input from over 100 security experts, now formally catalogs these risks—including prompt injection, excessive agency, and supply chain vulnerabilities in agent tooling. It’s becoming the standard framework security teams use to evaluate agentic AI risk.[7]
Protect Your Digital Life with Trusted Expertise
Whether you’re dealing with this specific Chrome vulnerability, general slowdowns, virus infections, ransomware concerns, or just want a professional security audit of your system, Goinsta Repairs has the expertise and tools to help.
We’ve served thousands of residential and business customers nationwide with:
🔹 15+ years of combined industry experience across our certified technician team
🔹 Transparent flat-rate pricing—our $139 remote repair package includes diagnostics, malware removal, optimization, and security hardening with no hourly surprises
🔹 Trusted technology partnerships with industry leaders including Dell Technologies, Malwarebytes, Kaspersky, and Avast Business[14][11]
🔹 Same-day emergency response for urgent security incidents
🔹 Nationwide remote support—we can access your system securely from anywhere in the United States
Don’t let security vulnerabilities, malicious extensions, or suspicious browser behavior put your personal data, financial information, and digital privacy at risk. Contact Goinsta Repairs today for expert, affordable, and transparent computer repair and cybersecurity support.
📞 Call now: 720-604-0834
📧 Email: care@goinstarepairs.com
🌐 Visit: goinstarepairs.com
Goinsta Repairs: Trusted nationwide computer repair and cybersecurity protection. Remote support and emergency services available.
Related Resources:
- Google Chrome Official Security Updates
- Palo Alto Networks Unit 42 Full Disclosure
- OWASP Top 10 for Agentic AI Applications
Have questions about browser security, malware protection, or computer repair? Leave a comment below or call our expert team at 720-604-0834.
Sources
[1] Vulnerability in Chrome Allowed Extensions to Hijack New Gemini … https://unit42.paloaltonetworks.com/gemini-live-in-chrome-hijacking/
[2] New Chrome Vulnerability Let Malicious Extensions Escalate … https://thehackernews.com/2026/03/new-chrome-vulnerability-let-malicious.html
[3] Chrome security flaw enabled spying via Gemini Live assistant https://securityaffairs.com/188807/security/chrome-security-flaw-enabled-spying-via-gemini-live-assistant.html
[4] Chrome AI panel became privilege escalator for extensions https://www.theregister.com/2026/03/03/google_chrome_bug_gemini/
[5] I tested the latest agentic browsers in 2026. The capabilities … – Reddit https://www.reddit.com/r/AI_Agents/comments/1qjnncz/i_tested_the_latest_agentic_browsers_in_2026_the/
[6] Agencies face big risks in 2026 with AI browsers – FedScoop https://fedscoop.com/ai-web-browsers-federal-agencies-purple-teaming/
[7] Agentic AI Security in 2026: Every Major Platform Has a Catalogued … https://www.linkedin.com/pulse/agentic-ai-security-2026-every-major-platform-has-ravindran-dsm3e
[8] Are Chrome extensions safe? How to use them securely in 2026 https://www.expressvpn.com/blog/chrome-extensions-safe/
[9] Top 5 Browser Extension Security Risks & 5 Ways to Prevent Them https://seraphicsecurity.com/learn/browser-security/top-5-browser-extension-security-risks-and-5-ways-to-prevent-them/
[10] Best Chrome security extensions (2026) | Guardio https://guard.io/blog/chrome-security-extensions
[11] Why do clients trust Goinsta Repairs for comprehensive tech and repair services https://www.perplexity.ai/search/59a009ee-5782-42b2-a5cb-a87d69f86e04
[12] Goinsta Repairs (@go.instarepairs) • Instagram photos and videos https://www.instagram.com/go.instarepairs/?hl=en
[13] GoInsta – Toll Free: 888-335-7145 #Computer #Repair … – Facebook https://www.facebook.com/photo.php?fbid=182295041048637&set=a.140969178514557&id=100078354246930
[14] Goinsta Repairs has the best partners!!“This is it” by Dell … – YouTube https://www.youtube.com/watch?v=plw2uD5iBzo
[15] Redefining Risk: Cybersecurity And AI Predictions For 2026 – Forbes https://www.forbes.com/councils/forbestechcouncil/2026/02/04/redefining-risk-cybersecurity-and-ai-predictions-for-2026/
[16] Chrome Extension Security Risks and Best Practices – LinkedIn https://www.linkedin.com/posts/techbrieflycom_chrome-extension-freedom-activity-7416452720389427200-gCNY
[17] Chrome Gemini AI Security Flaw CVE-2026-0628 – LinkedIn https://www.linkedin.com/posts/itlandy_cybersecurity-infosec-googlechrome-activity-7434677902358724609-KA2d
[18] 2026: The Year Agentic AI Becomes the Attack-Surface Poster Child https://www.darkreading.com/threat-intelligence/2026-agentic-ai-attack-surface-poster-child
[19] I compiled 15 best practices for building browser extensions after … https://www.reddit.com/r/chrome_extensions/comments/1r22wuj/i_compiled_15_best_practices_for_building_browser/
[20] Goinsta Repairs | Littleton, CO – Thumbtack https://www.thumbtack.com/co/littleton/computer-repair/goinsta-repairs/service/461042141723279379
[21] GOINSTA REPAIRS – Updated March 2026 – Phone Number – Yelp https://www.yelp.com/biz/goinsta-repairs-littleton
[22] Computer Repair and Smart Technology Services – GoInsta Repairs https://goinstarepairs.com
[23] 3 Best Computer Repair in Lakewood, CO – Expert Recommendations https://threebestrated.com/computer-repair-in-lakewood-co
[24] How much would this repair cost? : r/Insta360 – Reddit https://www.reddit.com/r/Insta360/comments/1n1n9xn/how_much_would_this_repair_cost/
[25] Experience with Insta360 repair service? – Reddit https://www.reddit.com/r/Insta360/comments/jrm5rj/experience_with_insta360_repair_service/
[26] Goinsta Repairs – Troubleshooting Tips https://goinstarepairs.com/troubleshooting-tips-tricks/
[27] goinstarepairs – Goinsta Repairs https://goinstarepairs.com/product-tag/goinstarepairs/
[28] computer repair near me – Goinsta Repairs https://goinstarepairs.com/product-tag/computer-repair-near-me/
[29] Our Services – Goinsta Repairs https://goinstarepairs.com/our-services/
[30] GoInsta Repairs | Littleton CO – Facebook https://www.facebook.com/GoInstarepairs/
[31] Business – Goinsta Repairs https://goinstarepairs.com/product-tag/business/
