CyberSecurity News

Chrome WebView Vulnerability Lets Hackers Bypass Security

Google has released an urgent security update for the Chrome WebView Vulnerability within the WebView tag component. If exploited, the flaw could allow attackers to bypass critical security...

Marcus Rodriguez
Marcus Rodriguez
January 7, 2026 2 Min Read
76 0

Google has released an urgent security update for the Chrome WebView Vulnerability within the WebView tag component. If exploited, the flaw could allow attackers to bypass critical security restrictions.

Google rolled out Chrome version 143.0.7499.192/.193 for Windows and Mac, and 143.0.7499.192 for Linux, through its Stable channel, to address CVE-2026-0628.

The update is being rolled out to users gradually over the coming days and weeks. The security flaw, tracked as CVE-2026-0628, stems from insufficient policy enforcement in the WebView tag component.

CVE ID Severity Component Description
CVE-2026-0628 High WebView tag Insufficient policy enforcement in the WebView tag.

WebView Issue Exposes Apps to Attacks

WebView is a crucial Chrome component that enables applications to display web content within their interfaces without launching a full browser.

A high-severity rating means attackers could bypass security controls, leading to unauthorized access, data leaks, or the execution of malicious code in apps that use WebView.

In line with responsible disclosure practices, Google has temporarily restricted access to detailed bug information until most users have installed the security patch.

This approach prevents malicious actors from exploiting the vulnerability while users update their systems.

Google acknowledged contributions from external security researchers and emphasized its commitment to collaborative security efforts.

Google employs multiple detection methodologies, including AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL, to identify vulnerabilities during development cycles.

Users should immediately update Chrome to the latest version by navigating to Settings > Help > About Google Chrome. The browser will automatically check for and install available updates.

Organizations using Chrome in enterprise environments should prioritize deploying this security patch across their infrastructure.

Google continues to encourage security researchers to report vulnerabilities through its bug bounty program, reinforcing the importance of collaborative security in protecting users worldwide.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVEExploitHackerPatchSecurityVulnerability

Share Article

Marcus Rodriguez

Marcus Rodriguez

Marcus is a security researcher and investigative journalist with expertise in vulnerability research, bug bounties, and cloud security. Since 2017, Marcus has been breaking stories on critical vulnerabilities affecting major platforms. His investigative work has led to the disclosure of numerous security flaws and improved defenses across the industry. Marcus is an active participant in bug bounty programs and has been recognized for responsible disclosure practices. He holds multiple security certifications and regularly speaks at industry events.

No Comment! Be the first one.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts