Google released Chrome versions 143.0.7499.192/.193 on January 6, 2026, to patch a high-severity vulnerability in WebView that could allow attackers to bypass important security policies.
The flaw, tracked as CVE-2026-0628, represents a significant threat to users whose browsers rely on WebView’s policy enforcement framework to block malicious content.
| Attribute | Details |
|---|---|
| CVE ID | CVE-2026-0628 |
| Severity | High |
| Component | Chrome WebView |
| Vulnerability Type | Insufficient Policy Enforcement |
The vulnerability stems from insufficient policy enforcement in the WebView tag, a critical component used by Chrome and many Android applications to render web content.
By exploiting this weakness, attackers could potentially circumvent security controls designed to prevent unauthorized actions, such as unwanted script execution or data access.
WebView serves as the backbone for web content rendering across thousands of applications. When security policies fail in this component, the impact extends far beyond the browser, affecting any app that uses WebView for in-app browsing.
The patch affects Windows, macOS, and Linux users running Chrome. The update will roll out gradually over the coming days and weeks.
Google has restricted detailed information about the vulnerability until the majority of users install the fix, preventing bad actors from weaponizing the exploit before patch adoption reaches critical mass.
Security researcher Gal Weizman reported the issue on November 23, 2025, giving Google time to develop and test the fix before public disclosure. Install Chrome 143.0.7499.192/.193 immediately when prompted.
Users can manually check for updates by navigating to Settings > About Chrome, which will trigger an automatic scan for available updates. After updating, restart your browser to activate the security patch.
This vulnerability highlights the ongoing cat-and-mouse game between security researchers and threat actors.
Google’s commitment to rapid patching underscores the importance of keeping software up to date delays in updates significantly increase exposure to exploit attacks.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.