CVE-2026-0628 | THREATINT

Description

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)

PUBLISHED Reserved 2026-01-05 | Published 2026-01-06 | Updated 2026-01-08 | Assigner Chrome

Problem types

Insufficient policy enforcement

Product status

143.0.7499.192 (custom) before 143.0.7499.192

affected

References

chromereleases.googleblog.com/...nel-update-for-desktop.html

issues.chromium.org/issues/463155954

cve.org (CVE-2026-0628)

nvd.nist.gov (CVE-2026-0628)

Download JSON