Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Insufficient policy enforcement in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted ...
DEBIAN-CVE-2026-3928
Summary
Insufficient policy enforcement in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)
What to do
- Update debian chromium to version 146.0.7680.71-1~deb12u1.
- Update debian chromium to version 146.0.7680.71-1~deb13u1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| debian | chromium | All versions | – |
| debian | chromium | <= 146.0.7680.71-1~deb12u1 | 146.0.7680.71-1~deb12u1 |
| debian | chromium | <= 146.0.7680.71-1~deb13u1 | 146.0.7680.71-1~deb13u1 |
| debian | chromium | All versions | – |
Original title
Insufficient policy enforcement in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted ...
Original description
Insufficient policy enforcement in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)
- https://security-tracker.debian.org/tracker/CVE-2026-3928 Vendor Advisory
Published: 11 Mar 2026 · Updated: 14 Mar 2026 · First seen: 14 Mar 2026