Severe Chrome Bug Let Extensions Hijack Gemini AI Assistant

The vulnerability, discovered by Palo Alto Networks' Unit 42 researcher Gal Weizman, stemmed from an insufficient policy enforcement in Chrome's WebView tag. This flaw allowed a malicious extension with only basic permissions to inject JavaScript code into the privileged Gemini side panel. The exploit required no user interaction beyond the user initiating a Gemini session. Google was privately notified of the issue, tracked as CVE-2026-0628, on October 23, 2025, and released a patch in early January 2026. This incident highlights the expanded attack surface created by agentic AI integrated directly into browsers. By design, these AI assistants require privileged access to summarize content, automate tasks, and understand the active webpage, creating a new, powerful intermediary that can be hijacked. Security researchers have warned that this architecture reintroduces risks like cross-site scripting (XSS) and privilege escalation into the highly-trusted context of the browser itself. For enterprise environments, the security of AI agents is a significant barrier to adoption. In a recent survey, 68% of technology leaders cited data leakage as a top concern, with 60% worried about over-privileged access for AI agents. The complexity of orchestrating multiple models, APIs, and external systems is also a major challenge, cited by 48% of organizations as an obstacle to scaling agentic AI. The transition from a hands-on engineering role to a CTO at a B2B SaaS company requires a shift in focus from coding to strategic leadership. An effective CTO at a scaling company must excel at hiring senior engineers, setting architectural direction without micromanaging, and aligning technology decisions with business goals. This involves understanding trade-offs, managing budgets, and communicating the technology vision to the board and investors. In the adtech landscape, the focus for 2026 is on navigating a privacy-first world without third-party cookies. Key trends include the activation of first-party data, the use of data clean rooms and identity graphs for secure data collaboration, and smarter, AI-powered contextual targeting. There is also a significant push toward measuring ad performance based on attention metrics rather than just impressions. The 2026 Formula 1 season kicks off in Australia with one of the biggest regulation shake-ups in its history, impacting both the chassis and power units simultaneously. The new 1.6-litre V6 hybrid engines will feature a significant increase in electrical power, with the MGU-K motor's output tripling to 350kW. The cars are also smaller and lighter, with the minimum weight dropping by 30kg, which is expected to make them more nimble. London's tech ecosystem remains the largest in Europe, having attracted €21.5 billion in investment in 2025. Key sectors driving this growth include FinTech, AI, B2B SaaS, and Climate Tech. In local news, London's Deputy Mayor for Housing recently unveiled 46 new council homes in Haringey as part of a larger plan to deliver 3,000 new homes by 2031.