Request a Demo
Rewterz
Phishing Attack Impersonates Google Support to Steal Logins
January 6, 2026
Rewterz
CISA Warns of Microsoft PowerPoint Code Injection Flaw Actively Exploited
January 8, 2026

Chrome WebView Flaw Enables Security Bypass

Severity

High

Analysis Summary

Google has issued an urgent security update for its Chrome browser to address a high-severity vulnerability in the WebView tag component, tracked as CVE-2026-0628. This flaw stems from insufficient policy enforcement in WebView, a core Chrome feature that allows applications to display web content within their interfaces without launching a full browser. If exploited, this vulnerability could allow attackers to bypass critical security restrictions, potentially leading to unauthorized access, data leakage, or execution of malicious code in affected apps.

The update, delivered through Chrome’s Stable channel, includes version 143.0.7499.192/.193 for Windows and Mac, and 143.0.7499.192 for Linux. Google is gradually rolling out the patch over the coming days and weeks to ensure smooth deployment. In line with responsible disclosure practices, detailed information about the vulnerability has been temporarily restricted to prevent exploitation before the majority of users receive the update.

The WebView component plays a critical role in many applications, making this vulnerability particularly serious. Google’s high-severity rating indicates that attackers could exploit the flaw to bypass security controls within apps, potentially compromising sensitive user data. To identify such vulnerabilities during development, Google uses multiple detection methodologies, including AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL, reflecting its proactive approach to security.

Google strongly urges users to update Chrome immediately by navigating to Settings > Help > About Google Chrome, where the browser will automatically check for and install available updates. Enterprise organizations should prioritize deploying this security patch across their infrastructure to mitigate potential risks. Additionally, Google continues to encourage collaborative security through its bug bounty program, acknowledging the contributions of external researchers in identifying and addressing vulnerabilities to protect users globally.

Impact

  • Gain Access
  • Security Bypass

Indicators of Compromise

CVE

  • CVE-2026-0628

Affected Vendors

Google

Remediation

  • Immediately update Chrome.
  • Navigate to Settings > Help > About Google Chrome to check for updates. The browser will automatically download and install the latest version.
  • Ensure your system is running Chrome 143.0.7499.192/.193 (Windows/Mac) or 143.0.7499.192 (Linux) after the update.
  • Organizations should prioritize deploying this update across all endpoints to minimize exposure to attacks targeting WebView-based applications.
  • Limit use of applications that rely on WebView in high-risk environments until the patch is applied.
  • Review logs and application behavior for unusual access attempts or data anomalies that could indicate exploitation.
  • Participate in collaborative security programs like Google’s bug bounty to identify and address future vulnerabilities.