anonhaven
Ad

CVE-2026-0628

HIGH CVSS 3.1: 8.8 EPSS 0.03%
Updated Jan 12, 2026
Google
Parameter Value
CVSS 8.8 (HIGH)
Affected Versions before 143.0.7499.192
Fixed In 143.0.7499.192
Type CWE-862 (Missing Authorization)
Vendor Google
Public PoC No

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-862 Missing Authorization

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Google Chrome
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
 143.0.7499.192

References 2

https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop…
chrome-cve-admin@google.com
https://issues.chromium.org/issues/463155954
chrome-cve-admin@google.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-0049

Java

6.2

CVE-2025-48651

Google

5.5

CVE-2026-5287

Microsoft

8.8

CVE-2026-5285

Microsoft

8.8

CVE-2026-5281

Microsoft

8.8