Google patches high-risk WebView flaw in first 2026 Chrome update
Take action: If you are using Google Chrome or other Chromium-based browsers (Edge, Brave, Vivaldi, Opera...) patch your browser ASAP. No critical flaws in this update, but don't wait for the flaw to become actively exploited. Update now, it's trivial and all your tabs reopen after the update.
Learn More
Google released Chrome 143.0.7499.192/193 to patch a high-severity security flaw in its Chrome browser across all major platforms.
The flaw is tracked as CVE-2026-0628 (CVSS score 8.8) - Insufficient policy enforcement in the WebView tag allows script or HTML injection via a crafted malicious extension. The browser fails to check the origin of content correctly or consistently. This allows a malicious extension to inject scripts or HTML into privileged pages if a user installs it. By gaining access to privileged pages, an attacker could potentially interfere with browser functions or steal sensitive data handled by the WebView component.
Google has not detected active exploitation of this flaw.
Google released the fix for Windows, macOS, Linux, and Android. The official release notes indicate that the fix is rolling out over the coming days.
Users can check their browser version by navigating to the Help > About Google Chrome menu. Most desktop versions will update automatically, but manual checks ensure the patch is active. Google plans to release Chrome 144 on January 13, 2026, which will include further security improvements.
