CVE-2026-0628

A high-severity Chrome flaw (CVE-2026-0628, CVSS 8.8) allowed malicious browser extensions to hijack Chrome's AI Gemini panel, gaining access to cameras, microphones, local files, and screenshots. Discovered by Palo Alto Networks Unit 42 and patched in January 2026.

Severity

high

CVSS Score

8.8 / 10

Published

Mar 10, 2026

Affected Products

›Google Chrome — all versions prior to 143.0.7499.192 (Windows/Mac) and 143.0.7499.192 (Linux)
›Chrome's Gemini Live in Chrome panel (chrome://glic)

Full Analysis

"Glic Jack" — Chrome Vulnerability Let Malicious Extensions Hijack Gemini Panel and Access Your Camera, Files, and Mic

Deep-dive: technical breakdown, real-world impact, complete remediation steps, and expert context.

Read the full report →

← All threat reports All articles