CyberTimes
CVE-2026-0628 · March 10, 2026 · CyberTimes Security Team

"Glic Jack" — Chrome Vulnerability Let Malicious Extensions Hijack Gemini Panel and Access Your Camera, Files, and Mic

Severity: 🟠 HIGH
CVSS Score: 8.8/10
Exploited: No
Fix Status: Check required
Who is affected: Anyone using Google Chrome with the Gemini panel enabled, particularly users who installed third-party Chrome extensions before January 2026

A high-severity vulnerability in Google Chrome — nicknamed "Glic Jack" by researchers — allowed malicious browser extensions to hijack Chrome's built-in Gemini AI panel and inherit its powerful system-level privileges. Tracked as CVE-2026-0628 with a CVSS score of 8.8, the flaw meant that an extension with only basic permissions could silently access a victim's camera and microphone, take screenshots of any website, and read local files — all without additional user consent. Discovered by security researchers and responsibly disclosed to Google in October 2025, the vulnerability was patched in Chrome version 143.0.7499.192 released on January 6, 2026. The story is now public, and it raises a critical question for the industry: as AI gets baked deeper into browsers, are we creating new attack surfaces faster than we can secure them?


Affected products

  • Google Chrome — all versions prior to 143.0.7499.192 (Windows/Mac) and 143.0.7499.192 (Linux)
  • Chrome's Gemini Live in Chrome panel (chrome://glic)

How to Fix

Step-by-step remediation

The patch is already out. Google released the fix in Chrome version 143.0.7499.192 for Windows, Mac, and Linux in early January 2026. To check your version, open Chrome, click the three-dot menu, go to Help → About Google Chrome, and let it update automatically. Beyond patching, this vulnerability is a reminder to treat your browser extensions as seriously as the apps on your phone. Go to chrome://extensions, audit what is installed, and remove anything unfamiliar. Install as few extensions as possible from publishers you can identify and verify. Be suspicious of sudden permission changes or unexplained new capabilities appearing after an extension updates.


What happened

Chrome's Gemini side panel uses a special chrome://glic URL that loads the Gemini web app inside a WebView component. Google added Gemini integration to Chrome in September 2025. The panel is not just a chatbot — it is tightly integrated into the browser and can grab screenshots, read local files, and turn on your camera or microphone to automate tasks. The flaw arose from a simple oversight: Chrome engineers failed to include the chrome://glic WebView in the blocklist that prevents extensions from intercepting privileged browser components. That missing entry meant that an attacker using Chrome's declarativeNetRequest API — a fairly standard extension permission — could inject JavaScript code directly into the Gemini panel and gain access to everything Gemini was authorized to do. The attack was dubbed Glic Jack — short for Gemini Live in Chrome hijack.

Real-World Impact

In an enterprise environment, a malicious extension gaining access to the cameras, microphones, and local files of workers is a serious organizational risk. The attack vector is deceptively simple — a user installs what appears to be a harmless extension, and that extension quietly inherits Gemini's system-level access. The Gemini panel could also be made to display phishing content inside what users see as a trusted browser component, making those attacks far more convincing than injecting content into a normal web page. In workplaces where browser extensions are routinely installed with limited review, a single socially engineered installation could create an internal foothold inside a trusted browser context. The broader warning from the security community: the more power you give software in the name of convenience, the more carefully you need to guard who else might access that power.

Technical Details

CVE-2026-0628 is classified as insufficient policy enforcement in the WebView tag inside Google Chrome. The Gemini panel loads the Gemini web app at gemini.google.com inside a WebView running under the privileged chrome://glic URL. The declarativeNetRequest API, which extensions use to modify network requests, was not blocked from intercepting traffic to this privileged URL — allowing JavaScript injection directly into the trusted Gemini context. While intercepting traffic in a normal browser tab is expected extension behavior, doing so inside the privileged Gemini panel exposed powerful capabilities including local file access, screenshots, camera, and microphone. The flaw was disclosed to Google on October 23, 2025, and patched on January 6, 2026 — a roughly ten-week turnaround from disclosure to fix.
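The two checks the article recommends, a version comparison against the fixed build and an audit of installed extensions for the request-modifying permission the attack relied on, as an added example written for this page (not Google's code or a tool the researchers published). It assumes the standard Chrome profile layout of Extensions/<id>/<version>/manifest.json; the sample manifest is constructed.

```python
import json
from pathlib import Path

# Fixed build named in the advisory; all four components are compared numerically.
PATCHED_VERSION = (143, 0, 7499, 192)

# The article names declarativeNetRequest as the entry point. Chrome also has a
# "WithHostAccess" variant that lets rules modify requests to host_permissions
# origins, so an audit should flag both.
REQUEST_MODIFYING_PERMISSIONS = {
    "declarativeNetRequest",
    "declarativeNetRequestWithHostAccess",
}
# Heuristic host patterns (assumption): anything broad enough to cover the origin
# the Gemini panel loads (gemini.google.com) is worth a closer look.
SENSITIVE_HOST_PATTERNS = ("<all_urls>", "gemini.google.com", "*://*/*")


def chrome_is_patched(version: str) -> bool:
    """True if a dotted Chrome version string is at or above the fixed build."""
    parts = tuple(int(p) for p in version.strip().split("."))
    # Pad short strings such as "144" so the tuple comparison is component-wise.
    parts += (0,) * (len(PATCHED_VERSION) - len(parts))
    return parts >= PATCHED_VERSION


def audit_manifest(manifest: dict) -> list[str]:
    """Return human-readable findings for one Manifest V3 extension manifest."""
    findings = []
    perms = set(manifest.get("permissions", []))
    hosts = manifest.get("host_permissions", [])
    dnr = perms & REQUEST_MODIFYING_PERMISSIONS
    if dnr:
        findings.append(f"requests request-modifying permission(s): {sorted(dnr)}")
    broad = [h for h in hosts if any(pat in h for pat in SENSITIVE_HOST_PATTERNS)]
    if dnr and broad:
        findings.append(f"rules may apply to Gemini-hosting origins via {broad}")
    return findings


def audit_profile(extensions_dir: str) -> dict[str, list[str]]:
    """Walk a Chrome profile's Extensions folder and audit every manifest.json."""
    results = {}
    for manifest_path in Path(extensions_dir).glob("*/*/manifest.json"):
        with open(manifest_path, encoding="utf-8") as fh:
            findings = audit_manifest(json.load(fh))
        if findings:
            results[manifest_path.parent.parent.name] = findings
    return results


if __name__ == "__main__":
    # Constructed sample manifest standing in for an installed extension.
    sample = {"manifest_version": 3, "permissions": ["declarativeNetRequest", "storage"],
              "host_permissions": ["<all_urls>"]}
    print("patched:", chrome_is_patched("143.0.7499.192"))
    print("findings:", audit_manifest(sample))
```

Point audit_profile at the profile's Extensions directory (for example "~/.config/google-chrome/Default/Extensions" on Linux) to list every installed extension that trips a finding; a clean result does not prove an extension is safe, only that it lacks the permission combination this flaw needed.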

🛡️ Prevention Tips

This flaw is part of a larger trend that will only intensify as AI becomes more embedded in everyday software. For security teams, every new AI browser feature should be treated as a new privileged component that needs auditing the same way you would audit a new system application. With each new AI capability added to Chrome, the same class of oversight is possible unless engineers explicitly protect each new context. Monitor for anomalies — cameras activating unexpectedly, unexplained screenshots, or browser processes touching unusual file paths are all warning signs worth investigating.


FAQs

I use Chrome. Am I at risk right now?

Not if you're on a current version. Google patched this in Chrome 143.0.7499.192, released January 6, 2026. Go to chrome://settings/help to confirm your version. If you haven't updated since December 2025, update immediately.


What is the Gemini panel in Chrome?

It's an AI assistant sidebar built into Chrome that can view your open tabs, take screenshots, read files, and use your camera and microphone to help automate tasks. Google rolled it out in September 2025. This deep system access is exactly what made this vulnerability dangerous.

