The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity security warning for Google Chrome users, urging immediate action to prevent potential exploitation. The advisory, published on October 30, 2025, highlights multiple vulnerabilities in Chrome’s core components that could allow remote attackers to compromise user systems simply by luring them to a malicious webpage.
According to CERT-In, these flaws affect Chrome users across Windows, macOS, and Linux platforms. Millions of users in India are urged to update their browsers immediately to mitigate the threat.
Vulnerabilities Detected in Chrome
The government’s alert details several critical issues, including:
- Type confusion in V8, Chrome’s JavaScript engine
- Inappropriate implementation flaws in V8, Extensions, App-Bound Encryption, and Autofill
- Object lifecycle vulnerabilities in Media components
- Race conditions and out-of-bounds reads in V8 and WebXR
- Incorrect security interfaces in Omnibox, Fullscreen UI, and SplitView
- Policy bypass and use-after-free errors in Extensions, PageInfo, and Ozone
“A remote attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted webpage,” CERT-In warned in its bulletin, noting that successful exploitation could allow hackers to execute arbitrary code or gain unauthorized access to sensitive data.
These flaws affect multiple critical functions within Chrome’s architecture—ranging from JavaScript execution to rendering and data encryption—making them particularly dangerous.
Who is at Risk?
All Chrome users operating versions prior to the following builds are vulnerable to exploitation:
- Linux: Chrome versions before 142.0.7444.59
- Windows: Chrome versions before 142.0.7444.59/60
- macOS: Chrome versions before 142.0.7444.60
Users running any of these earlier builds are strongly advised to update immediately. Google has already released patches addressing the vulnerabilities in the latest stable channel updates.
How to Update Chrome on Windows, macOS, and Linux
To ensure protection, users should follow these steps to update Google Chrome:
- Open Chrome and click the three-dot menu in the top-right corner.
- Navigate to Settings → About Chrome.
- Chrome will automatically check for and install the latest update.
- Restart the browser to apply security patches.
Google has confirmed that the latest release includes fixes for all vulnerabilities mentioned by CERT-In. The company continues to emphasize the importance of timely updates as a defense against active exploitation campaigns.
Why This Matters
Chrome’s ubiquity across personal and enterprise environments makes such vulnerabilities a significant national security concern. Attackers leveraging browser flaws can steal credentials, inject malware, or gain remote system access—all through simple phishing or drive-by download tactics.
With India being one of Chrome’s largest user bases, the CERT-In alert serves as a crucial reminder of how even small delays in updating can expose millions to cyber threats.
