Google kicked off 2026 with a bang for Chrome customers.
On Jan. 6, 2026, Google launched Chrome 143.0.7499.192/.193 for Home windows and Mac, and 143.0.7499.192 for Linux, through the Secure channel.
This launch addresses CVE-2026-0628, a high-severity vulnerability in Chrome’s WebView element, which is broadly used to show net content material inside apps with out opening a full browser. In accordance with Google, the flaw stems from “inadequate coverage enforcement in WebView tag.” In follow, this implies a malicious extension or payload may bypass safety controls, probably injecting scripts or HTML into privileged pages.
Safety researcher Gal Weizman reported the problem on Nov. 23, 2025, prompting Google to behave rapidly to guard roughly 3 billion Chrome customers throughout desktop and Android gadgets.
Google has begun rolling out the replace steadily, which suggests some customers might even see it instantly, whereas others will get it within the coming days or even weeks. To replace manually, merely go to Settings > Assist > About Google Chrome. The browser will examine for and apply the replace, however you should restart it for the patch to activate.
Charge-limiting push notifications
Past the safety patch, Google is introducing a “hidden” improve to make your looking expertise a lot quieter. Beginning this month, Chrome is cracking down on web sites that bombard you with undesirable pop-ups.
Rob Kochman, a bunch product supervisor at Google, defined that whereas push notifications might be helpful, they’re typically misused.
“Many people have skilled it: a web site that bombards us with a relentless stream of notifications that aren’t related or beneficial,” Kochman wrote.
To battle this, Chrome will now mechanically “price restrict” websites that ship too many messages to customers who aren’t really interacting with them. If a web site is deemed “disruptive,” Google will cap its messages to not more than 1,000 per minute. In the event that they proceed to interrupt the foundations, the penalty can last as long as 14 days.
Why this issues
WebView vulnerabilities are particularly harmful as a result of they prolong past the browser itself, affecting numerous apps and in-app browsers. Unpatched methods may enable attackers to steal delicate information or execute malicious code inside apps that customers belief.
In the meantime, notification spam has lengthy pissed off customers, making this dual-update method each a safety and usefulness win.
Additionally learn: Seven tech predictions enterprise leaders are watching in 2026.
