CVE-2026-0628HIGH 8.8EPSS p92.9%

CVE-2026-0628CVE-2026-0628

Description

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS6.54% probability of exploitation · percentile 92.9% · 2026-06-19T12:03:05Z
Published2026-01-07
Last modified2026-01-12

Underlying weaknesses· 1

CWE-862

References

  1. https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop.html
  2. https://issues.chromium.org/issues/463155954

1

TypeTargetConfidenceTier
WeaknessMissing Authorizationcwe-8620%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-11062
CVE
CVE-2026-11014
CVE
CVE-2026-11026
CVE
CVE-2026-10997
CVE
CVE-2026-11267
CVE
CVE-2026-11149
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.