A technical analysis by Palo Alto Networks Unit 42 reported that a patched Google Chrome vulnerability tracked as CVE-2026-0628 with a CVSS score of 8.8 could let malicious extensions escalate privileges and access local files. Google’s stable channel update fixed the issue in early January 2026 in Chrome 143.0.7499.192/.193 for Windows and Mac and 143.0.7499.192 for Linux.
KEY FACTS
- Vulnerability: Insufficient policy enforcement in the WebView tag
- Identifier: CVE-2026-0628
- Severity: CVSS 8.8
- Patch: Fixed in Chrome 143.0.7499.192 and .193 in early January 2026
Discovery occurred on November 23, 2025, and a patch was released in early January 2026 for the desktop channels. The affected versions are listed in the stable channel update.
The flaw involved insufficient policy enforcement in the WebView tag. A malicious extension with basic permissions could inject JavaScript into the browser panel that hosts the Gemini app and run code at the panel origin, enabling access to camera and microphone, screenshots, and local files.
Exploitation required tricking a user into installing a specially crafted extension. The declarativeNetRequest API accepts rules that intercept or modify web requests, which made it possible for a low-permission extension to influence the panel content loaded by the browser.
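As an added triage example (not code from the Unit 42 analysis or from Google), the script below checks whether a reported Chrome build is at or past the fixed version and flags installed extension manifests that request the declarativeNetRequest permissions or ship static rule sets, so that a defender can prioritise review on unpatched machines; the sample manifest is constructed.

```python
"""Triage helpers for CVE-2026-0628 (constructed example, not vendor code)."""
import json
from typing import List, Tuple

# 143.0.7499.192 is the lowest fixed desktop build named in the stable channel update.
PATCHED_BUILD: Tuple[int, ...] = (143, 0, 7499, 192)

# Real Manifest V3 permission names that let an extension install request-interception rules.
DNR_PERMISSIONS = {
    "declarativeNetRequest",
    "declarativeNetRequestWithHostAccess",
    "declarativeNetRequestFeedback",
}

def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '143.0.7499.193' into a comparable tuple of integers."""
    return tuple(int(part) for part in version.split("."))

def is_patched(version: str) -> bool:
    """True when the running Chrome build is at or past the fixed version."""
    return parse_version(version) >= PATCHED_BUILD

def flag_extension(manifest_json: str) -> List[str]:
    """Return reasons an extension deserves review on an unpatched browser."""
    manifest = json.loads(manifest_json)
    reasons: List[str] = []
    perms = set(manifest.get("permissions", [])) | set(manifest.get("optional_permissions", []))
    used = sorted(perms & DNR_PERMISSIONS)
    if used:
        reasons.append("uses " + ", ".join(used))
    # 'declarative_net_request' / 'rule_resources' is the real manifest key for static rules.
    rules = manifest.get("declarative_net_request", {}).get("rule_resources", [])
    if rules:
        reasons.append(f"ships {len(rules)} static rule set(s)")
    return reasons

# Constructed sample manifest for a low-permission extension that installs request rules.
SAMPLE_MANIFEST = json.dumps({
    "manifest_version": 3,
    "name": "sample-extension",
    "permissions": ["storage", "declarativeNetRequest"],
    "declarative_net_request": {
        "rule_resources": [{"id": "rules", "enabled": True, "path": "rules.json"}]
    },
})

if __name__ == "__main__":
    print("patched:", is_patched("143.0.7499.193"))
    print("review:", flag_extension(SAMPLE_MANIFEST))
```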
Integrating AI and agent features directly into the browser increases the attack surface because agents need privileged access to perform automated, multi-step tasks. Hidden prompts or stored instructions could be abused to persist across sessions and carry out privileged actions.
WHY IT MATTERS
The flaw shows that embedding AI panels in high-privilege browser contexts can create new logical and implementation risks that allow extensions to operate beyond their intended boundaries. Applying the available patch removes the specific vulnerability.