#VU121005 Permissions, Privileges, and Access Controls in Google Chromium - CVE-2026-0628

Cybersecurity Help s.r.o.

Published: 2026-01-06

Vulnerability identifier: #VU121005

Vulnerability risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2026-0628

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Google Chromium
Client/Desktop applications / Web browsers

Vendor: Google

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient policy enforcement in WebView tag in Google Chrome. A remote attacker can trick the victim to visit a specially crafted website, bypass implemented security measures and compromise the affected system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Google Chromium: 143.0.7499.0 - 143.0.7499.191

External links
https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop.html
https://crbug.com/463155954

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

Multiple vulnerabilities in Prisma Access Browser

Debian update for chromium

Security restrictions bypass in Microsoft Edge

Security restrictions bypass in Google Chrome