Google Chrome Pushes Critical Security Update for 3B Users
Google kicked off 2026 with a bang for Chrome users.
On Jan. 6, 2026, Google released Chrome 143.0.7499.192/.193 for Windows and Mac, and 143.0.7499.192 for Linux, via the Stable channel.
This release addresses CVE-2026-0628, a high-severity vulnerability in Chrome’s WebView component, which is widely used to display web content within apps without opening a full browser. According to Google, the flaw stems from “insufficient policy enforcement in WebView tag.” In practice, this means a malicious extension or payload could bypass security controls, potentially injecting scripts or HTML into privileged pages.
Security researcher Gal Weizman reported the issue on Nov. 23, 2025, prompting Google to act quickly to protect roughly 3 billion Chrome users across desktop and Android devices.
Google has begun rolling out the update gradually, which means some users may see it immediately, while others will get it in the coming days or weeks. To update manually, simply go to Settings > Help > About Google Chrome. The browser will check for and apply the update, but you must restart it for the patch to activate.
Rate-limiting push notifications
Beyond the security patch, Google is introducing a “hidden” upgrade to make your browsing experience much quieter. Starting this month, Chrome is cracking down on websites that bombard you with unwanted pop-ups.
Rob Kochman, a group product manager at Google, explained that while push notifications can be useful, they are often misused.
“Many of us have experienced it: a website that bombards us with a constant stream of notifications that aren’t relevant or valuable,” Kochman wrote.
To fight this, Chrome will now automatically “rate limit” sites that send too many messages to users who aren’t actually interacting with them. If a site is deemed “disruptive,” Google will cap its messages to no more than 1,000 per minute. If they continue to break the rules, the penalty can last up to 14 days.
Why this matters
WebView vulnerabilities are especially dangerous because they extend beyond the browser itself, affecting countless apps and in-app browsers. Unpatched systems could allow attackers to steal sensitive data or execute malicious code inside apps that users trust.
Meanwhile, notification spam has long frustrated users, making this dual-update approach both a security and usability win.
Also read: Seven tech predictions enterprise leaders are watching in 2026.
About Author
