VDB
CVE-2026-0628
CVE-2026-0628
PUBLISHED
CVSS 8.600000381469727 HIGH
Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)
EPSS 0.01% · 1.6th percentile
Risk Scores
CVSS 4.0
8.600000381469727
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.01%
1.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Edge | |
| chrome | 0, 0 | |
| Chrome | 143.0.7499.192, 143.0.7499.192 |
Exploit Intelligence
- CIRCL seen: CVE-2026-0628 (circl-sighting)
- CIRCL seen: CVE-2026-0628 (circl-sighting)
- CIRCL seen: CVE-2026-0628 (circl-sighting)
- CIRCL seen: CVE-2026-0628 (circl-sighting)
- CIRCL seen: CVE-2026-0628 (circl-sighting)
- CIRCL seen: CVE-2026-0628 (circl-sighting)
- CIRCL seen: CVE-2026-0628 (circl-sighting)
- CIRCL seen: CVE-2026-0628 (circl-sighting)
- CIRCL seen: CVE-2026-0628 (circl-sighting)
- CIRCL seen: CVE-2026-0628 (circl-sighting)
…and 80 more exploits
Timeline
- Jan 6, 2026 CVE Published
- Jan 7, 2026 EPSS Score
- Jan 7, 2026 PoC Published
- Jan 7, 2026 PoC Published
- Jan 7, 2026 PoC Published
- Jan 7, 2026 PoC Published
- Jan 7, 2026 PoC Published
- Jan 7, 2026 PoC Published
- Jan 7, 2026 PoC Published
- Jan 7, 2026 PoC Published
- Jan 7, 2026 PoC Published
- Jan 7, 2026 PoC Published
References
- https://security.paloaltonetworks.com/PAN-SA-2026-0001 advisory
- https://security.paloaltonetworks.com/CVE-2026-0227 advisory
- https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop.html url
- https://issues.chromium.org/issues/463155954 url
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-0628 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-0628 advisory