Gemini Flaw in Chrome Could Have Let Malicious Extensions Spy on Users

SammyGuru is reader-supported. We have affiliate and sponsored partnerships, so we may earn a commission when you buy through links on our site — at no extra cost to you. Learn more.

Gemini is slowly becoming part of many products, including the Chrome browser. But a newly discovered security flaw shows how risky that deep integration can sometimes be. Researchers recently uncovered a critical vulnerability involving Gemini in Chrome. This vulnerability could have allowed malicious browser extensions to spy on users and access sensitive data.

A Gemini vulnerability in Chrome could spy on users

According to a report from Android Headlines, the vulnerability affected Gemini in Chrome. That is the AI assistant panel built directly into the browser. Security researchers found that attackers could potentially exploit the Gemini interface through malicious Chrome extensions. As a result, they could gain access to functions normally restricted inside the browser.

The vulnerability stemmed from how Chrome handled the Gemini panel’s internal WebView component. In certain situations, a malicious, a malicious extension could inject JavaScript code into the Gemini interface. It could then run that code with higher privileges than the extension normally has. 

Once attackers gained control of the Gemini panel, they could potentially activate the camera or microphone. They could take screenshots of browser tabs, access local files stored on the device, or perform phishing attacks using the trusted Gemini interface.

Because Gemini needs deeper access to the browser to assist users with tasks, it already operates with higher privileges than typical extensions. That design helps the AI interact with webpages and automate actions. However, it also increases the attack surface if vulnerabilities appear.

Google has already patched the issue

The good news is that Google has already addressed the vulnerability. The company released a fix in recent Chrome updates with versions 143.0.7499.192 and 143.0.7499.193 for Windows and macOS operating systems. This closed the security hole before attackers could widely exploit it.

Security researchers disclosed the issue responsibly, giving Google time to patch the problem before publicly discussing it. If you keep Chrome updated to the latest version, you are already protected from this vulnerability.

Features like Gemini turn browsers into such more powerful tools. Instead of just loading websites, modern browsers can now summarize content, automate tasks, and interact with pages on behalf of the user. However, these capabilities require deeper system access. This can introduce new security risks if something goes wrong.

For now, the incident serves as a reminder. Keeping your browser updated and limiting unnecessary extensions remains one of the best ways to stay safe online.

Written by

David Buliga

David Buliga is a Romanian writer at SammyGuru, where he covers the Samsung and Android ecosystem with a focus on apps, software features, and the trends shaping how we actually use our devices — from Galaxy Watch apps to One UI 9, plus the occasional opinion piece. He joined SammyGuru in 2026 after previously creating entertainment content on YouTube, producing animations and gameplay videos. Currently pursuing a Bachelor's degree in Applied Electronics and Telecommunications, David is passionate about consumer technology and enjoys getting under the hood of smartphones to see what makes them tick. Outside of tech, he loves listening to music, reading books, photography, and exploring the random ideas that often inspire his next story.

More from David Buliga →