CVE-2026-0628

HIGH

Google Chrome < 143.0.7499.192 - Missing Authorization

Title source: rule

Description

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)

Exploits (4)

github WRITEUP 10 stars

by XiaomingX · pythonpoc

https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-0628

View Code ZIP pw:eip

nomisec WRITEUP 1 stars

by sastraadiwiguna-purpleeliteteaming · poc

https://github.com/sastraadiwiguna-purpleeliteteaming/Dissecting-CVE-2026-0628-Chromium-Extension-Privilege-Escalation

View Code ZIP pw:eip

gitlab WRITEUP

by sastraadiwiguna-purpleeliteteaming · poc

https://gitlab.com/sastraadiwiguna-purpleeliteteaming/dissecting-cve-2026-0628-chromium-extension-privilege-escalation

View Code ZIP pw:eip

nomisec WORKING POC

by fevar54 · poc

https://github.com/fevar54/CVE-2026-0628-POC

View Code ZIP pw:eip

References (2)

[Release Notes] https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop.html

[Issue Tracking, Permissions Required] https://issues.chromium.org/issues/463155954

Scores

CVSS v3 8.8

EPSS 0.0003

EPSS Percentile 7.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-862

Status published

Products (1)

google/chrome < 143.0.7499.192

Published Jan 07, 2026

Tracked Since Feb 18, 2026