THREATNOIR
Subscribe
Back to Feed
VulnerabilitiesJun 3, 2026

Malicious Notifications Could Trick Google Gemini Users

Prompt injection flaw in Google Gemini voice assistant enables hidden malicious commands via notifications.

Read at source

Summary

A prompt injection vulnerability in Google Gemini's voice assistant allows attackers to embed malicious commands within notifications that users receive, potentially enabling social engineering attacks and unauthorized actions. The flaw exploits the assistant's processing of notification content, which can be manipulated to execute unintended commands or trick users into providing sensitive information.

Entities

Google Gemini (product)Google (vendor)Voice Assistant (technology)