Google Chrome's Gemini Live had a major security flaw
A major security flaw in Google Chrome's Gemini Live feature let some browser extensions sneakily grab extra powers, like accessing your camera, microphone, and files, without you knowing.
Security researcher Gal Weizman reported the issue in October 2025, and Google has since rolled out a fix.
A malicious extension could exploit Gemini Live
Gemini Live, a Gemini (AI) feature in Chrome, gave certain web apps special access.
Security researchers found that a malicious extension, if installed by a user, could be used to inject code into Gemini Live, letting them do things like turn on your camera or take screenshots, all without asking you first.
They could even turn the panel into a fake login page for phishing.
Google fixed the issue in January
Google patched this hole in January 2026 with Chrome version 143.0.7499.192.
If you haven't updated yet, do it as soon as possible!
This is a good reminder: keeping your browser up to date is one of the easiest ways to protect yourself from sneaky attacks like this.