CVE-2021-41038

In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage...

Microsoft Edge (Chromium) < 143.0.3650.139 (CVE-2026-0628)

The version of Microsoft Edge installed on the remote Windows host is prior to 143.0.3650.139. It is, therefore, affected by a vulnerability as referenced in the January 9, 2026 advisory. - Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker...

Fedora 44 : cef (2026-94d266def6)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-94d266def6 advisory. Automatic update for cef-143.0.13^chromium143.0.7499.192-1.fc44. Changelog Fri Jan 9 2026 Than Ngo - 143.0.13^chromium143.0.7499.192-1 - Update to...

Security update for chromium, noopenh264 (important)

openSUSE Security Update: Security update for chromium, noopenh264 Announcement ID: openSUSE-SU-2026:0006-1 Rating: important References: 1256067 Cross-References: CVE-2026-0628 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability is now available. Description:...

Security update for chromium, noopenh264 (important)

openSUSE Security Update: Security update for chromium, noopenh264 Announcement ID: openSUSE-SU-2026:0004-1 Rating: important References: 1256067 Cross-References: CVE-2026-0628 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description:...

SUSE CVE-2026-0628

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: High...

Fedora 44 : chromium (2026-5551bc920f)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-5551bc920f advisory. Automatic update for chromium-143.0.7499.192-1.fc44. Changelog Wed Jan 7 2026 Than Ngo - 143.0.7499.192-1 - Update tp 143.0.7499.192 High CVE-2026-0628:...

Exploit for CVE-2026-0628

CVE-2026-0628-POC Prueba de concepto PoC para CVE-2026-0628,...

DEBIAN-CVE-2026-0628

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: High...

CVE-2026-0628

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: High...

CVE-2026-0628

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: High...

Linux Distros Unpatched Vulnerability : CVE-2026-0628

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extensio...

CVE-2026-0628

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: High...

CVE-2026-0628

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: High...

CVE-2026-0628

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: High...

CVE-2026-0628

CVE-2026-0628 involves insufficient policy enforcement in Chrome/Chromium WebView handling, allowing a user to be convinced to install a malicious extension that can inject scripts or HTML into a privileged page. Affected software is Chromium-based and prior to version 143.0.7499.192 (Chrome desk...

CVE-2026-0628

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: High...

PT-2026-1549

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 143.0.7499.192 Description Insufficient policy enforcement in the WebView tag allows a remote attacker to inject scripts or HTML into privileged pages via a crafted Chrome extension. This issue can be exploited ...

chromium -- multiple security fixes

Chrome Releases reports: This update includes 1 security fix: 463155954 High CVE-2026-0628: Insufficient policy enforcement in WebView tag. Reported by Gal Weizman on 2025-11-23...

Stable Channel Update for Desktop

The Stable channel has been updated to 143.0.7499.192/.193 for Windows/Mac and 143.0.7499.192 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and links may be kept...