Black & White Path

Mar 3, 2026 · Information Security

How Malicious Chrome Extensions Exploit Gemini AI to Steal Local Files (CVE‑2026‑0628)

The article dissects Chrome’s high‑severity CVE‑2026‑0628 zero‑day, showing how a policy enforcement flaw in the WebView tag lets malicious extensions hijack the privileged Gemini Panel to read local files, capture audio/video, take screenshots, and achieve privilege escalation, and outlines affected versions, risk assessment, and remediation steps.