Google warns of critical Gemini Live vulnerability: How to fix
A critical security flaw in Google Chrome's Gemini Live feature could let shady browser extensions sneak into the AI panel and grab your sensitive info.
Tracked as CVE-2026-0628, this bug hits all Chrome versions before 143.0.7499.192 and was flagged by Palo Alto Networks' Unit 42 on March 2, 2026.
What is the Gemini Live panel?
Gemini Live is Chrome's AI-powered panel that can automate tasks using your camera, mic, screenshots, and files—basically, it has a lot of access.
The vulnerability came from insufficient policy enforcement in the WebView tag: it permitted injection affecting the Gemini panel, so a malicious extension could inject code and take control.
How to fix the issue?
Attackers could turn on your camera or mic without asking, swipe local files or screenshots, or even trick you with phishing attacks—definitely not cool for privacy.
Google fixed this in January, shipping Chrome 143.0.7499.192 for Windows, Mac, and Linux and 143.0.7499.193 for Windows and Mac.
If you see an update prompt in your address bar, hit it ASAP to stay safe!