Published on March 2, 2026
Bug in Google’s Gemini AI Panel Opens Door to Hijacking
Severity
High
A newly disclosed vulnerability has revealed that the AI-powered answer panel in Google’s Gemini can be manipulated by malicious websites, potentially allowing attackers to hijack the AI-generated content displayed to users. The issue affects how Gemini processes and summarizes web content for its AI Overview panel in search results. Security researchers demonstrated that specially crafted web pages can inject hidden instructions or misleading data into the content that Gemini ingests, causing the AI to generate altered, malicious, or deceptive responses directly within the search interface.
| CVE ID | Vulnerability Type | Impact | CVSS Score |
| CVE-2026-0628 | Missing Authorization | Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension | 8.8 |
If successfully exploited, an attacker could:
- Manipulate AI-generated search summaries to include misleading or malicious instructions.
- Insert phishing URLs or fraudulent contact details into AI Overview responses.
- Override factual summaries with attacker-controlled narratives.
- Increase credibility of scams by leveraging trust in AI-generated answers.
Security researchers found that attackers can embed hidden text, CSS-styled invisible instructions, or prompt injection payloads within web pages. When Gemini crawls and summarizes the content, it may interpret these hidden instructions as part of the contextual data. Because large language models rely on contextual patterns rather than strict content validation rules, the model may prioritize injected instructions that appear authoritative or structured.
This type of attack does not compromise Google’s backend infrastructure directly. Instead, it exploits the trust model between AI summarization systems and publicly accessible web content. The AI processes malicious instructions as legitimate contextual signals, leading to altered output presented to end users.
Affected Products
Affected Components:
- Google Gemini AI Overview Panel
- AI-generated search summaries within Google Search
Recommendation
Organizations and users should not rely solely on AI-generated summaries for security-sensitive decisions. Always validate AI-generated responses against original source material.
For Web Administrators:
- Monitor for unauthorized content injection or compromise on websites.
- Implement strong content integrity controls and web application security protections.
For Security Teams:
- Educate users about AI hallucination and prompt injection risks.
- Use browser security controls and phishing detection tools to identify suspicious links embedded in AI-generated content.
- Track emerging AI-related threat intelligence as this attack vector represents a growing category of AI supply-chain and content-manipulation threats.
Source
https://thehackernews.com/2026/03/new-chrome-vulnerability-let-malicious.html
https://www.darkreading.com/endpoint-security/bug-google-gemini-ai-panel-hijacking