Vulnerability CVE-2026-0628: Information

Description

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)

Severity: HIGH (8.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
URL: https://nvd.nist.gov/vuln/detail/CVE-2026-0628
Published: Jan. 7, 2026
Modified: Jan. 12, 2026
Error type identifier: CWE-862

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
chromiumsisyphus143.0.7499.192-alt1144.0.7559.96-alt1ALT-PU-2026-1095-1404551Fixed
chromiump11143.0.7499.192-alt0.p11.1143.0.7499.192-alt0.p11.1ALT-PU-2026-1190-2404623Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop.html
  • Release Notes
https://issues.chromium.org/issues/463155954
  • Issue Tracking
  • Permissions Required
    1. cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
      End excluding
      143.0.7499.192
VKontakte|Telegram|YouTube|Forum|ALT Linux Space|Bugzilla
Version: v25.10.0
Back to top