How severe is CVE-2026-0628?

CVE-2026-0628 has a CVSS v3 score of 8.8 (HIGH).

CVE-2026-0628

Name: chrome
Author: google

8.8HIGH

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privi

Published: 1/7/2026Updated: 1/12/2026

Description

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)

AI AnalysisPowered by AI

Affected Products

googlechrome

References

https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop.html
Release Notes
https://issues.chromium.org/issues/463155954
Issue TrackingPermissions Required