Google has released an urgent security update for the Chrome browser to address a high-severity vulnerability in the WebView tag component that could allow attackers to bypass critical security restrictions.
Google rolled out Chrome version 143.0.7499.192/.193 for Windows and Mac, and 143.0.7499.192 for Linux, through its Stable channel, to address CVE-2026-0628.
The update is being rolled out to users gradually over the coming days and weeks. The security flaw, tracked as CVE-2026-0628, stems from insufficient policy enforcement in the WebView tag component.
| CVE ID | Severity | Component | Description |
|---|---|---|---|
| CVE-2026-0628 | High | WebView tag | Insufficient policy enforcement in the WebView tag. |
WebView Issue Exposes Apps to Attacks
WebView is a crucial Chrome component that enables applications to display web content within their interfaces without launching a full browser.
A high-severity rating means attackers could bypass security controls, leading to unauthorized access, data leaks, or the execution of malicious code in apps that use WebView.
In line with responsible disclosure practices, Google has temporarily restricted access to detailed bug information until most users have installed the security patch.
This approach prevents malicious actors from exploiting the vulnerability while users update their systems.
Google acknowledged contributions from external security researchers and emphasized its commitment to collaborative security efforts.
Google employs multiple detection methodologies, including AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL, to identify vulnerabilities during development cycles.
Users should immediately update Chrome to the latest version by navigating to Settings > Help > About Google Chrome. The browser will automatically check for and install available updates.
Organizations using Chrome in enterprise environments should prioritize deploying this security patch across their infrastructure.
Google continues to encourage security researchers to report vulnerabilities through its bug bounty program, reinforcing the importance of collaborative security in protecting users worldwide.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
