How severe is CVE-2026-0628?

CVE-2026-0628 has a CVSS v3 score of 8.8 (HIGH).

CVE-2026-0628

Name: chrome
Author: google

8.8HIGH

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privi

发布于: 1/7/2026更新于: 1/12/2026

描述

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)

AI分析AI驱动

受影响产品

googlechrome

参考资料

https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop.html
Release Notes
https://issues.chromium.org/issues/463155954
Issue TrackingPermissions Required