Chromium ZeroDay Vulnerability - 20260113001¶
Overview¶
Google Chrome has released a security update addressing insufficient policy enforcement in WebView tag in Google Chrome. This vulnerability allowed an attacker to convince a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension.
What is vulnerable?¶
| Product(s) Affected | Version(s) | CVE | CVSS | Severity |
|---|---|---|---|---|
| Chromium-based Browsers - Google Chrome - Microsoft Edge - Brave - Opera - Vivaldi |
All versions prior to 143.0.7499.192 | CVE-2026-0628 | 8.8 | High |
What has been observed?¶
The WASOC has not received any reports of exploitation of this vulnerability on Western Australian Government networks at the time of writing.
Recommendation¶
The WASOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframes (refer Patch Management):