Urja Daily
No Result
View All Result
  • News
  • Renewable
    • Solar
    • Rooftop
    • Floating Solar
    • Module
    • Wind
    • Hydrogen
    • Biomass
    • Tenders
    • Sustainibility
  • Storage
  • E-Mobility
  • Battery
  • Smart City
  • Power
    • Smart Grid
    • Microgrid
    • Off-Grid
  • Editor’s Pick
    • Articles
    • In Talks
    • E-MAG
    • Market Research
  • On-demand Webinars
  • More
    • Events
    • Contact Us
    • Subscribe
  • News
  • Renewable
    • Solar
    • Rooftop
    • Floating Solar
    • Module
    • Wind
    • Hydrogen
    • Biomass
    • Tenders
    • Sustainibility
  • Storage
  • E-Mobility
  • Battery
  • Smart City
  • Power
    • Smart Grid
    • Microgrid
    • Off-Grid
  • Editor’s Pick
    • Articles
    • In Talks
    • E-MAG
    • Market Research
  • On-demand Webinars
  • More
    • Events
    • Contact Us
    • Subscribe
No Result
View All Result
Urja Daily
No Result
View All Result
Home News

Palo Alto Networks Flags Security Flaw in Chrome’s Gemini AI Panel

Google confirmed the findings and released a fix in early January 2026

Palak by Palak
March 11, 2026
in News
Reading Time: 3 mins read
0
Palo Alto Networks
Share on FacebookShare on TwitterShare on Linkedin

Unit 42 has identified and responsibly disclosed a high-severity vulnerability (CVE-2026-0628) affecting “Gemini Live in Chrome,” Google Chrome’s AI-powered side panel.

At a high level, the issue involved a privilege escalation or “privilege jump.” Chrome extensions typically operate within defined permission boundaries. However, Unit 42 found that a malicious extension could manipulate how the Gemini web app was loaded inside Chrome’s AI side panel — a browser environment that operates with higher privileges than a standard web tab.

RELATED POSTS

WIKA India to Showcase Intelligent Instrumentation and IIoT Solutions at Automation Expo 2026 Mumbai, Maharashtra

KP Green Engineering Limited Secures ₹2.39 Billion Orders Across Multiple Business Segments

Because the Gemini panel is treated as a trusted browser surface, influencing what loads inside it could allow an extension-controlled payload to execute in a more powerful context than the extension itself was granted.

How it worked: Privilege Escalation via AI Side Panels

The vulnerability allowed a malicious browser extension — even one with basic host permissions — to interfere with the Gemini Live side panel. Researchers found the extension could leverage Chrome’s request-modification capabilities to intercept and alter resources associated with the Gemini web application. This issue applied only when Gemini was accessed through the side panel, not a regular browser tab.

When loaded in the side panel, Gemini runs within a more privileged browser process, tightly integrated with browser features and granted enhanced capabilities that ordinary web pages do not have.

Due to how requests and content embedding were implemented, an extension permitted to interact with the Gemini domain could intercept and modify JavaScript resources before they were rendered in the panel. In effect, attacker-controlled code could be injected into content executing inside the panel’s higher-trust environment.

The extension itself did not gain new permissions. Instead, it manipulated the content pipeline feeding a privileged component. Because that component already had elevated capabilities, the injected code effectively “rode along” into a more powerful execution context — creating the privilege jump.

A successful exploit of CVE-2026-0628 could have enabled an attacker to:

  • Access local files and directories
  • Capture screenshots of browsing sessions
  • Activate camera and microphone capabilities without appropriate awareness
  • Execute phishing attacks within the trusted Gemini interface

The attack required no additional user interaction beyond installing a malicious extension and opening the Gemini panel.

Remediation and Protection

Palo Alto Networks notified Google on Oct. 23, 2025. Google confirmed the findings and released a fix in early January 2026.

Anupam Upadhyaya, SVP, Product Management, Prisma SASE, Palo Alto Networks, said, “Today’s agentic browsers can act on your behalf — researching, reasoning and taking action without direct user input. While this can deliver meaningful productivity gains, in the absence of enterprise-grade controls these tools can take autonomous actions beyond IT oversight. By inheriting a user’s browser session and accessing screens, files, cameras and microphones, agentic browsers can expand the attack surface through prompt manipulation and weakened web isolation, creating security and accountability gaps enterprises haven’t faced before.

The research highlights a broader architectural lesson: as AI becomes embedded into core browser components, strict isolation between extension-controlled content and privileged AI surfaces is essential to preserving the browser’s security model.

Tags: AI PanelGooglePalo AltoSecurity
ShareTweetShare
Palak

Palak

Related Posts

Automation Expo 2026 Invite

WIKA India to Showcase Intelligent Instrumentation and IIoT Solutions at Automation Expo 2026 Mumbai, Maharashtra

by Palak
July 14, 2026
0

Mumbai : WIKA India will showcase its latest intelligent instrumentation and Industrial Internet of Things (IIoT) technologies at Automation Expo 2026,...

KPI Green

KP Green Engineering Limited Secures ₹2.39 Billion Orders Across Multiple Business Segments

by Palak
July 14, 2026
0

KP Green Engineering Limited has secured orders worth Rs 2.39 billion from multiple clients across its transmission, solar and infrastructure...

Thailand

Thailand Approves $1.99 Billion Investment in AI, Data Centres and Clean Energy

by Palak
July 14, 2026
0

Thailand’s Board of Investment (BOI) has approved USD1.99 billion (THB66.3 billion) in new investments, primarily targeting artificial intelligence (AI), advanced...

HCC and Konstelec Engineers

Hindustan Construction Company Limited and Konstelec Engineers Limited Form JV for Nuclear Infrastructure Projects

by Palak
July 10, 2026
0

Hindustan Construction Company (HCC) and Konstelec Engineers Limited have entered into a joint venture (JV) to jointly bid for and...

Dr Ian Cambell

Breathe Battery Technologies’ Dr Ian Campbell Presented with Princess Royal Silver Medal

by Palak
July 10, 2026
0

London – Dr Ian Campbell, co-founder of Breathe Battery Technologies, was presented with The Princess Royal Silver Medal last night by HRH...

Next Post
Cargill

Cargill Unveils New Food Innovations at AAHAR 2026

Hygge Energy

Hygge Energy, Atria Renewable Join Hands for Rooftop Solar and P2P Energy Trading

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

RECOMMENDED

Automation Expo 2026 Invite

WIKA India to Showcase Intelligent Instrumentation and IIoT Solutions at Automation Expo 2026 Mumbai, Maharashtra

July 14, 2026
POWERGRID

POWERGRID secures LoI for ISTS augmentation project under TBCB

July 14, 2026

MOST VIEWED

  • Solar

    When the Sun Began Paying the Electricity Bills: The Story of PM Surya Ghar Muft Bijli Yojana

    0 shares
    Share 0 Tweet 0
  • India’s Emerging Polysilicon Manufacturing Ecosystem: Opportunities and Challenges

    0 shares
    Share 0 Tweet 0
  • KP Group & PP Savani University Launches Urjanoor Scholarship

    0 shares
    Share 0 Tweet 0
  • StarlinePS Enterprises Invests ₹160 Crore in Celloraa Energy

    0 shares
    Share 0 Tweet 0
  • Xpeng Selects u‑blox F9 Centimeter-level Multi-Band GNSS Technology for P7 Smart EV

    0 shares
    Share 0 Tweet 0

WIKA India to Showcase Intelligent Instrumentation and IIoT Solutions at Automation Expo 2026 Mumbai, Maharashtra

POWERGRID secures LoI for ISTS augmentation project under TBCB

JSW Energy arm bags Rs 4.4 billion BESS order from Bondada Engineering

KP Green Engineering Limited Secures ₹2.39 Billion Orders Across Multiple Business Segments

SAEL bags solar module supply order from NTPC REL

Thailand Approves $1.99 Billion Investment in AI, Data Centres and Clean Energy

Latest Magazine

© 2016 – 2025 TechZone Print Media | All Rights Reserved

  • About Us
  • Contact Us
No Result
View All Result
  • News
  • Renewable
    • Solar
    • Rooftop
    • Floating Solar
    • Module
    • Wind
    • Hydrogen
    • Biomass
    • Tenders
    • Sustainibility
  • Storage
  • E-Mobility
  • Battery
  • Smart City
  • Power
    • Smart Grid
    • Microgrid
    • Off-Grid
  • Editor’s Pick
    • Articles
    • In Talks
    • E-MAG
    • Market Research
  • On-demand Webinars
  • More
    • Events
    • Contact Us
    • Subscribe

© 2016 - 2025 TechZone Print Media | All Rights Reserved