CVE-2026-0628
📋 TL;DR
This vulnerability allows attackers who convince users to install malicious Chrome extensions to inject scripts or HTML into privileged pages through WebView tags. It affects Google Chrome users running versions before 143.0.7499.192. The attack requires user interaction to install a malicious extension.
💻 Affected Systems
- Google Chrome
- Chromium-based browsers
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of browser session, theft of sensitive data, execution of arbitrary code in privileged context, and potential system compromise through chained attacks.
Likely Case
Session hijacking, credential theft, data exfiltration from privileged pages, and unauthorized access to sensitive browser data.
If Mitigated
Limited impact with proper extension vetting and user education; isolated to browser session without system compromise.
🎯 Exploit Status
Exploitation requires social engineering to install malicious extension; no public exploit code known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 143.0.7499.192 and later
Vendor Advisory: https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop.html
Restart Required: Yes
Instructions:
1. Open Chrome settings
2. Click 'About Chrome'
3. Allow auto-update to 143.0.7499.192+
4. Restart Chrome when prompted
🔧 Temporary Workarounds
Disable Chrome Extensions
Temporarily disable all extensions to prevent exploitation (all platforms)
chrome://extensions/ → Toggle all extensions OFF
Restrict Extension Installation
Configure Chrome policies to block extension installation (Windows)
Windows: Group Policy Editor → Computer Configuration → Administrative Templates → Google → Google Chrome → Extensions → Configure extension installation block list = *
🧯 If You Can't Patch
- Implement strict extension whitelisting policies
- Educate users about risks of installing unknown extensions
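The extension block list workaround and the "strict extension whitelisting" fallback above are the same two Chrome enterprise policies used together: ExtensionInstallBlocklist set to "*" blocks every extension, and ExtensionInstallAllowlist exempts the IDs you have vetted. The script below is an added example (not from the advisory or from Google) that builds that policy, validates extension IDs, writes it as a managed-policy JSON file for Linux, and models the documented allowlist-over-blocklist precedence; the policy directory default, the file name extension_lockdown.json and the 32-letter sample ID are constructed assumptions.

```python
"""Build a Chrome managed policy that blocks all extensions except a vetted
allowlist (added example; not from the advisory or from Google).

ExtensionInstallBlocklist = ["*"] blocks every extension, and any ID listed in
ExtensionInstallAllowlist is exempt from that blocklist. On Linux, Chrome reads
JSON policy files from /etc/opt/chrome/policies/managed/ (Chromium reads
/etc/chromium/policies/managed/). On Windows the same two policies are registry
values under HKLM\\SOFTWARE\\Policies\\Google\\Chrome, which the Group Policy
path given in the advisory sets for you.
"""
import json
import re
from pathlib import Path
from typing import Dict, Iterable, List, Union

# A Chrome extension ID is 32 characters drawn from the letters a-p.
_EXT_ID_RE = re.compile(r"[a-p]{32}")

# Assumed default target (Google Chrome on Linux).
LINUX_POLICY_DIR = Path("/etc/opt/chrome/policies/managed")


def is_valid_extension_id(ext_id: str) -> bool:
    """True when ext_id has the Chrome extension ID format."""
    return _EXT_ID_RE.fullmatch(ext_id) is not None


def validate_extension_id(ext_id: str) -> str:
    """Return ext_id unchanged, or raise ValueError if it is malformed."""
    if not is_valid_extension_id(ext_id):
        raise ValueError(f"not a valid Chrome extension ID: {ext_id!r}")
    return ext_id


def build_extension_policy(allowed_ids: Iterable[str]) -> Dict[str, List[str]]:
    """Block every extension, then exempt only the vetted IDs."""
    allow = sorted({validate_extension_id(i) for i in allowed_ids})
    policy: Dict[str, List[str]] = {"ExtensionInstallBlocklist": ["*"]}
    if allow:
        policy["ExtensionInstallAllowlist"] = allow
    return policy


def is_install_permitted(policy: Dict[str, List[str]], ext_id: str) -> bool:
    """Model the documented precedence: an allowlisted ID is exempt from the
    blocklist, and "*" in the blocklist covers every other ID. Chrome's own
    policy engine is authoritative; this only mirrors the documented rule."""
    validate_extension_id(ext_id)
    if ext_id in policy.get("ExtensionInstallAllowlist", []):
        return True
    blocked = policy.get("ExtensionInstallBlocklist", [])
    return "*" not in blocked and ext_id not in blocked


def write_policy_file(allowed_ids: Iterable[str],
                      policy_dir: Union[str, Path] = LINUX_POLICY_DIR,
                      name: str = "extension_lockdown.json") -> Path:
    """Write the policy JSON into a managed-policy directory; return its path."""
    directory = Path(policy_dir)
    directory.mkdir(parents=True, exist_ok=True)
    path = directory / name
    path.write_text(json.dumps(build_extension_policy(allowed_ids), indent=2) + "\n")
    return path


def load_policy_file(path: Union[str, Path]) -> Dict[str, List[str]]:
    """Read a policy JSON file back into a dict (used to verify what was written)."""
    return json.loads(Path(path).read_text())


if __name__ == "__main__":
    # Constructed placeholder ID: valid format, not a real extension.
    vetted = ["abcdefghijklmnopabcdefghijklmnop"]
    print(json.dumps(build_extension_policy(vetted), indent=2))
```

Writing to the managed directory requires root, and a file there applies to every Chrome profile on the host; chrome://policy shows whether the two values were picked up.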
🔍 How to Verify
Check if Vulnerable:
Check the Chrome version in settings; if it is below 143.0.7499.192, the browser is vulnerable
Check Version:
chrome://version/
Verify Fix Applied:
Confirm Chrome version is 143.0.7499.192 or higher
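The version check above, as an added example that is not part of the advisory: a Python script that pulls the four-part version out of the text Chrome prints (the output of `google-chrome --version`, or the line copied from chrome://version) and compares it numerically against the fixed version 143.0.7499.192. Numeric comparison matters because a plain string comparison ranks 143.0.7499.99 above 143.0.7499.192. The `google-chrome` binary name and the sample output strings are assumptions.

```python
"""Version check for the CVE-2026-0628 fix (added example; not from the advisory).

Compares an installed Google Chrome / Chromium version against the patched
version 143.0.7499.192 named in the advisory. Dotted versions are compared
component by component as integers; comparing them as strings would rank
143.0.7499.99 above 143.0.7499.192 because "9" sorts after "1".
"""
import re
import subprocess
from typing import Optional, Tuple

FIXED_VERSION = "143.0.7499.192"  # patched version from the advisory

# First four-part dotted version in text such as "Google Chrome 143.0.7499.100"
# or "Google Chrome 143.0.7499.100 (Official Build)" as shown on chrome://version.
_VERSION_RE = re.compile(r"\b(\d+(?:\.\d+){3})\b")


def parse_version(text: str) -> Tuple[int, ...]:
    """Extract the first four-part version from text as a tuple of ints.

    Raises ValueError when no version is present.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no dotted version found in: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is strictly below the fixed version."""
    return parse_version(installed) < parse_version(fixed)


def installed_chrome_version(binary: str = "google-chrome") -> Optional[str]:
    """Run `<binary> --version` (assumed binary name) and return its output,
    or None when the binary is absent or fails."""
    try:
        out = subprocess.run([binary, "--version"], capture_output=True,
                             text=True, check=True)
    except (FileNotFoundError, subprocess.CalledProcessError):
        return None
    return out.stdout.strip()


if __name__ == "__main__":
    # Falls back to a constructed sample so the script runs where Chrome is absent.
    sample = installed_chrome_version() or "Google Chrome 143.0.7499.100"
    status = "VULNERABLE" if is_vulnerable(sample) else "patched"
    print(f"{sample}: {status} (fixed in {FIXED_VERSION})")
```

Run it on the endpoint, or feed it the version strings collected by your inventory tool; any value that returns True still needs the update and restart described under the official fix.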
📡 Detection & Monitoring
Log Indicators:
- Unusual extension installation events
- Multiple WebView tag creation attempts
- Privileged page access from extensions
Network Indicators:
- Unexpected connections from Chrome to external domains after extension installation
SIEM Query:
source="chrome_extension_logs" AND ((event="extension_install" AND user_interaction="true") OR (event="webview_injection" AND page_type="privileged"))