This work presents a systematic security analysis of CVE-2026-0628, a high-severity (CVSS 8.8) privilege escalation vulnerability discovered in Google Chrome's Gemini Live AI side panel. The vulnerability was disclosed by Palo Alto Networks Unit 42 on October 23, 2025, and patched in Chrome 143.0.7499.192 on January 5, 2026.Background. The integration of large language model (LLM)-based assistants into web browsers — a trend accelerating sharply since late 2025 — has created an entirely new attack surface that existing browser security models were not designed to address. Unlike a standard browser tab, the AI panel context inherits browser-level privileges including direct access to camera, microphone, local filesystem, and screenshot capabilities, while sharing the same execution profile as third-party Chrome extensions.Methodology. The research employs a three-pronged approach: (1) systematic privilege boundary analysis grounded in the official CVE-2026-0628 advisory and the Unit 42 technical disclosure; (2) an automated permission audit of 117 Chrome Web Store extensions across five categories (productivity, developer tools, security/privacy, AI assistants, and social media), executed on June 7, 2026 using an open-source audit tool developed for this study; and (3) construction of a generalized threat model applicable to analogous platforms such as Microsoft Edge Copilot, Opera Aria, and Brave Leo.Key Findings. Of 54 successfully analyzed extensions, 40 (74.1%) held permission combinations sufficient to exploit CVE-2026-0628 — substantially higher than the 12.3% over-privilege rate reported in prior audits.The match pattern dominated, appearing in 72.5% of high-risk extensions.A notable security paradox emerged: the security/privacy extension category showed an 83.3% high-risk rate, indicating that protective tools are themselves heavily over-privileged.All three analyzed AI assistant extensions (100%) were high-risk, as they structurally require broad access. Contributions. The paper proposes three design principles applicable to any browser integrating AI components alongside third-party code: (1) explicit AI context isolation, (2) capability-based resource grants, and (3) supply chain awareness for extension–AI interactions. The findings argue that the structural conditions enabling CVE-2026-0628 are not Chrome-specific but represent a broader class of privilege boundary vulnerabilities likely to affect emerging AI-integrated browsers.Keywords: browser security, privilege escalation, AI integration, Chrome extension, CVE-2026-0628, declarativeNetRequest, attack surface, Gemini Live, AI panel security.Note: This is a preprint of a manuscript prepared for submission to TELKOMNIKA (Telecommunication, Computing, Electronics and Control), Universitas Ahmad Dahlan, Indonesia. Comments and feedback are welcome via the corresponding author.
Fadly Kasim (Sun,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: