Google has announced an important security update for the Stable channel of its Chrome browser, rolling out patches to Windows, Mac, and Linux users to address a high-severity vulnerability that could compromise browser security policies.
The update pushes Chrome to version 143.0.7499.192/.193 for Windows and macOS, and 143.0.7499.192 for Linux. While the changelog is brief, the single security fix included is significant enough to warrant immediate attention.
The sole vulnerability addressed in this release is tracked as CVE-2026-0628 and carries a High severity rating. The flaw is described as “Insufficient policy enforcement in WebView tag.”
The <webview> tag is a powerful component in Chrome Apps that allows developers to embed “guest” content (like web pages) within their application, similar to an iframe but with a separate process and storage. By failing to enforce policies correctly within this tag, the browser could potentially allow malicious content to bypass security restrictions or escape its sandboxed environment.
The vulnerability was reported by security researcher Gal Weizman on November 23, 2025. While the exact bounty amount remains [TBD] pending the finalization of reward details, high-severity sandbox or policy bypasses in Chrome typically command significant payouts from Google’s Vulnerability Reward Program.
Google notes that access to the full bug details will be restricted until a majority of users have updated, preventing threat actors from reverse-engineering the patch to exploit unpatched browsers.
The update is currently rolling out and should reach all users over the coming days and weeks. Users can manually trigger the update by navigating to Help > About Google Chrome in their browser menu.
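For administrators checking more than one machine, the sketch below compares reported Chrome versions against the fixed builds named above. It is an added example, not code from Google or the original article. The host names, the inventory format and its version values are constructed, and treating .192 as the minimum patched build on every platform is an assumption drawn from the version numbers in this post.

```python
import csv
import io

# First Stable builds carrying the CVE-2026-0628 fix, per the article.
FIXED_BUILD = {
    "windows": (143, 0, 7499, 192),
    "macos": (143, 0, 7499, 192),
    "linux": (143, 0, 7499, 192),
}

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = """host,platform,version
ws-001,windows,143.0.7499.193
ws-002,windows,143.0.7499.99
mac-007,macos,143.0.7499.192
lin-014,linux,142.0.7000.10
lin-015,linux,144.0.7500.2
kiosk-3,windows,not-installed
"""


def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of ints so comparison is numeric, not lexical."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(p) for p in parts)


def classify(platform, version_text):
    """Return 'patched', 'needs-update', or 'unknown' for one install."""
    fixed = FIXED_BUILD.get(platform.strip().lower())
    if fixed is None:
        return "unknown"
    try:
        return "patched" if parse_version(version_text) >= fixed else "needs-update"
    except ValueError:
        return "unknown"


def audit(inventory_csv):
    """Map each host in a host,platform,version CSV to its status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["platform"], r["version"]) for r in rows}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

The ws-002 row is the case a plain string comparison gets wrong: as text, "143.0.7499.99" sorts after "143.0.7499.192", so the build numbers have to be compared as integers.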