Unit 42 discloses severe flaw in Google's Gemini

Palo Alto Networks

By Dylan Bushell-Embling
Friday, 13 March, 2026

Palo Alto Networks’ Unit 42 has uncovered a high-severity vulnerability in Google’s new Gemini Live in Chrome AI feature that could be used for privilege escalation attacks.

The researchers said they discovered the vulnerability and reported it to Google in October, and that Google issued a fix in early January. The vulnerability could have allowed malicious extensions with only basic permissions to hijack the in-browser AI assistant, giving attackers access to webcams, microphones and private files, Unit 42 said.

Because the Gemini panel is treated as a trusted browser surface, influencing what loads inside it could allow privilege escalation even for browser extensions with only basic host permissions. Malicious extensions permitted to interact within the Gemini domain could intercept and modify JavaScript resources before they were rendered in the panel, effectively injecting code into content executing inside the panel.

This is because, when loaded in the side panel, Gemini runs within a more privileged browser process than ordinary web pages have access to, the company said. The flaw could even have allowed attackers to carry out phishing attacks within the Gemini interface.
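For defenders, the condition described above (an extension that holds host access to the assistant's domain and can also modify network requests) can be checked from extension manifests. The following is an added example, not code from Unit 42 or Google; the host name `gemini.google.com`, the list of request-modifying permissions and the sample manifests are assumptions made for illustration.

```javascript
// Added example: flag extensions that can both rewrite requests and reach a host.
// Assumption: the assistant is served from this host; the article does not name it.
const TARGET_HOST = "gemini.google.com";

// Assumption: these Chrome permissions are the ones that allow modifying requests.
const REQUEST_MODIFYING = new Set([
  "declarativeNetRequest", "declarativeNetRequestWithHostAccess",
  "webRequestBlocking", // Manifest V2 or policy-installed extensions
]);

// True if a Chrome match pattern (e.g. "https://*.google.com/*") covers `host`.
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^(\*|https?):\/\/([^/]+)\//.exec(pattern);
  if (!m) return false; // other schemes, malformed input, or an API permission name
  const patHost = m[2].toLowerCase();
  if (patHost === "*") return true;
  if (patHost.startsWith("*.")) {
    const base = patHost.slice(2);
    return host === base || host.endsWith("." + base); // dot-anchored suffix match
  }
  return host === patHost;
}

// Summarise one parsed manifest.json: which grants reach `host`, which modify requests.
function auditManifest(manifest, host = TARGET_HOST) {
  const perms = [...(manifest.permissions || []), ...(manifest.optional_permissions || [])];
  // MV3 lists hosts separately; MV2 mixes host patterns into `permissions`.
  const candidates = [...(manifest.host_permissions || []),
    ...(manifest.optional_host_permissions || []), ...perms];
  const hostPatterns = candidates.filter((p) => patternCoversHost(p, host));
  const modifiers = perms.filter((p) => REQUEST_MODIFYING.has(p));
  const flagged = hostPatterns.length > 0 && modifiers.length > 0;
  return { name: manifest.name, hostPatterns, modifiers, flagged };
}

// Constructed sample manifests (not real extensions).
const SAMPLE_MANIFESTS = [
  { name: "tab-colorizer", manifest_version: 3, permissions: ["storage", "tabs"] },
  { name: "header-tweaker", manifest_version: 3,
    permissions: ["declarativeNetRequest"], host_permissions: ["https://*.google.com/*"] },
  { name: "legacy-filter", manifest_version: 2,
    permissions: ["webRequest", "webRequestBlocking", "<all_urls>"] },
  { name: "news-reader", manifest_version: 3,
    permissions: ["declarativeNetRequest"], host_permissions: ["https://news.example/*"] },
];

const flaggedNames = (manifests) =>
  manifests.map((m) => auditManifest(m)).filter((r) => r.flagged).map((r) => r.name);
console.log(flaggedNames(SAMPLE_MANIFESTS));
```

A flagged extension holds the combination of grants and is a candidate for review; the check says nothing about what the extension actually does with them.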

Palo Alto Networks SVP of Product Management Anupam Upadhyaya said that while this vulnerability has been closed, the discovery underscores the security concerns associated with tech giants rushing to turn browsers into powerful AI agents.

“Today’s agentic browsers can act on your behalf — researching, reasoning and taking action without direct user input. While this can deliver meaningful productivity gains, in the absence of enterprise-grade controls these tools can take autonomous actions beyond IT oversight,” he said. “By inheriting a user’s browser session and accessing screens, files, cameras and microphones, agentic browsers can expand the attack surface through prompt manipulation and weakened web isolation, creating security and accountability gaps enterprises haven’t faced before.”
