Chrome CVE-2026-0628 let malicious extensions hijack Gemini panel for privilege escalation, local file access, and surveillance.

The now-patched flaw is the latest in a growing string of security issues with the viral AI tool, which has seen rapid adoption among developers.