A：该漏洞可能允许恶意扩展程序控制Chrome的Gemini Live面板，实现权限升级。攻击者可以在未经许可的情况下访问受害者的摄像头和麦克风，对任何网站进行截屏，访问本地文件，并向特权页面注入恶意脚本或HTML代码。

谷歌Chrome浏览器内置的Gemini AI助手被发现存在一个高危安全漏洞（CVE-2026-0628），攻击者无需用户任何额外操作，仅需用户启动浏览器内置的AI面板，即可实现未经授权的摄像头和麦克风访问、本地文件窃取以及钓鱼攻击。

Chrome CVE-2026-0628 let malicious extensions hijack Gemini panel for privilege escalation, local file access, and ...

A Chrome vulnerability allowed malicious extensions to hijack the browser’s Gemini Live assistant to spy on users and ...

Google is changing how Chrome extensions work on the desktop and Chromebooks. While the Manifest V3 changes are billed as ways to improve safety and efficiency, the way they also limit how adblocking ...

Attackers could have exploited the vulnerability to escalate privileges, violate user privacy while browsing, and access sensitive resources ...

A bug in Google Chrome's Gemini AI feature could expose your data or allow attackers to monitor you. Here's how to stay protected.

A Chrome extension named "QuickLens - Search Screen with Google Lens" has been removed from the Chrome Web Store after it was ...

Do you mostly use browsers for all your computing needs? By using virtual desktops instead of browser tabs, you get real ...

The Detroit project envisioned using JavaScript as an extension language for Java applications. Now it’s being revived with ...

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...