Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.4
Google Chrome: Malicious Extension Can Inject Code into Trusted Sites
CVE-2026-3063
Summary
If you use an older version of Google Chrome, a malicious extension can trick you into installing it, then inject scripts or HTML into trusted websites you visit, potentially allowing an attacker to steal sensitive information or take control of your account. To protect yourself, update to the latest version of Google Chrome.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| chrome | <= 145.0.7632.116 | – | |
| chrome | <= 145.0.7632.117 | – |
Original title
Inappropriate implementation in DevTools in Google Chrome prior to 145.0.7632.116 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileg...
Original description
Inappropriate implementation in DevTools in Google Chrome prior to 145.0.7632.116 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via DevTools. (Chromium security severity: High)
nvd CVSS3.1
5.4
- https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_... Release Notes
- https://issues.chromium.org/issues/485287859 Issue Tracking Permissions Required
Published: 23 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026