Mallory
High | Public exploit

Privilege escalation via malicious extension in Chrome Gemini WebView

Identifiers: CVE-2026-0628, CWE-693

CVE-2026-0628 is a high-severity insufficient policy enforcement flaw in Google Chrome’s WebView handling, affecting Chrome prior to 143.0.7499.192/.193. The issue arises when gemini.google.com/app is rendered inside Chrome’s privileged Gemini/Gemini Live side-panel WebView rather than a normal browser tab. A crafted Chrome extension, reportedly requiring only basic permissions such as declarativeNetRequest/declarativeNetRequests, could intercept and modify traffic to that panel and inject HTML or JavaScript into the privileged page. Because the Gemini panel is a trusted browser-integrated component with elevated capabilities, injected code could execute in a more privileged context than the extension normally has. Public reporting ties the flaw specifically to Chrome’s Gemini panel implementation and describes the root cause as insufficient policy enforcement in the WebView tag.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can result in privilege escalation from a low-privilege extension context into the privileged Gemini panel context. Reported impacts include unauthorized access to local files and directories, taking screenshots of browser content including HTTPS pages, activating the camera and microphone without normal consent prompts once the panel is launched, and presenting phishing content inside a trusted Chrome UI surface. In enterprise environments this could enable surveillance, sensitive data theft, and abuse of authenticated browser context.

Mitigation

If you can’t patch tonight, do this now.

If immediate patching is not possible, reduce extension attack surface: enforce extension allowlisting via enterprise policy, block or tightly restrict installation of untrusted extensions, review and remove suspicious or unnecessary extensions, and monitor for extensions requesting declarativeNetRequest-style permissions. Limiting user ability to install extensions and disabling Gemini-related features where operationally feasible may reduce exposure. No complete workaround is currently available in the provided content.
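One way to carry out the "monitor for extensions requesting declarativeNetRequest-style permissions" step, as an added example that is not code from this page or from Chrome: it triages the manifests under a Chrome profile's `Extensions/<id>/<version>/` directory. The `review`/`priority` levels, the extension IDs and the sample manifests are assumptions made for the illustration.

```python
import json
from pathlib import Path

# Real Chrome permission names in the declarativeNetRequest family.
DNR_PERMS = {"declarativeNetRequest", "declarativeNetRequestWithHostAccess",
             "declarativeNetRequestFeedback"}
PANEL_HOST = "gemini.google.com"  # host named in the advisory

def covers_host(pattern, host=PANEL_HOST):
    """True if a Chrome match pattern's host part covers `host`."""
    if pattern == "<all_urls>":
        return True
    _scheme, sep, rest = pattern.partition("://")
    pat = rest.split("/", 1)[0]
    if pat.startswith("*."):
        return host == pat[2:] or host.endswith(pat[1:])
    return bool(sep) and pat in ("*", host)

def audit_manifest(manifest):
    """Return 'ok', 'review' (DNR only) or 'priority' (DNR plus panel host access)."""
    if not isinstance(manifest, dict):
        raise ValueError("manifest is not a JSON object")
    declared = [p for k, v in manifest.items()  # all four *permissions keys
                if k.endswith("permissions") and isinstance(v, list)
                for p in v if isinstance(p, str)]
    dnr = sorted(DNR_PERMS.intersection(declared))
    hosts = [p for p in declared if covers_host(p)]
    level = "ok" if not dnr else ("priority" if hosts else "review")
    return {"level": level, "dnr": dnr, "hosts": hosts}

def read_profile(ext_root):
    """Yield (extension id, manifest text) from <profile>/Extensions/<id>/<version>/."""
    for path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        yield path.parts[-3], path.read_text(encoding="utf-8-sig", errors="replace")

def triage(manifests):
    """Audit (id, text) pairs; a manifest that cannot be parsed is itself a finding."""
    findings = {}
    for ext_id, text in manifests:
        try:
            findings[ext_id] = audit_manifest(json.loads(text))
        except ValueError:
            findings[ext_id] = {"level": "unreadable", "dnr": [], "hosts": []}
    return findings

# Constructed sample input: made-up IDs and manifests, the last truncated on purpose.
SAMPLES = [("aaaa", '{"permissions": ["storage"]}'),
           ("bbbb", '{"permissions": ["declarativeNetRequest"]}'),
           ("cccc", '{"permissions": ["declarativeNetRequest"], "host_permissions": ["https://*.google.com/*"]}'),
           ("dddd", '{"permissions": [')]
```

Run `triage(read_profile(<path to the profile's Extensions directory>))` per endpoint and compare the flagged IDs against the enterprise allowlist; many legitimate content blockers also use declarativeNetRequest, so a `review` hit is a prompt to check the extension, not a verdict.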

Remediation

Patch, then assume compromise.

Update Google Chrome to 143.0.7499.192 or later on Linux, or 143.0.7499.192/.193 or later on Windows and macOS. ChromeOS releases incorporating the Chromium fix should also be applied. Ensure enterprise-managed endpoints are updated promptly and verify that vulnerable Chrome builds prior to 143.0.7499.192/.193 are removed from service.
PUBLIC EXPLOITS

Exploits

1 valid exploit after Mallory filtered fakes, detection scripts, and README-only repos (1 hidden).

Valid: 1 / 2 total

CVE-2026-0628-POC | Maturity: PoC | Verified exploit

This repository is a proof-of-concept (PoC) exploit for CVE-2026-0628, a vulnerability in Google Chrome (prior to version 143.0.7499.192) that allows a malicious extension to inject scripts into privileged Chrome pages (such as chrome://settings) using the <webview> tag. The repository contains a Chrome extension with a manifest (manifest.json), a background script (background.js) that listens for tab updates and injects a script when a privileged page is loaded, and an injection script (exploit/inject.js) that creates a <webview> element targeting a privileged page and executes arbitrary JavaScript within it. The PoC demonstrates replacing the content of a privileged page with a custom message, highlighting the security impact of the vulnerability. The README provides detailed instructions for reproducing the exploit and mitigation advice. No external network endpoints are used; the exploit targets internal Chrome URLs. The code is intended for educational and research purposes only.

fevar54 | Disclosed Jan 7, 2026 | javascript, json, browser
EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

Vendor | Product | Type
Google | Chrome | application

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity (60)

Community discussion across Reddit, Mastodon, and other social sources.