Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Google Chrome: Installing malicious extensions can steal user data
CVE-2026-3928
Summary
Google Chrome users who install malicious extensions before version 146.0.7680.71 are at risk of having their data stolen. An attacker can trick a user into installing a malicious extension, which can then steal user information. To fix this issue, update Google Chrome to version 146.0.7680.71 or later.
Original title
Insufficient policy enforcement in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted ...
Original description
Insufficient policy enforcement in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026