CERT-In Issues Urgent Chrome Warning: Millions at Risk from Remote Attacks

Swagta Nath

India’s cybersecurity watchdog, CERT-In (Indian Computer Emergency Response Team), has issued a high-severity security alert for users of Google Chrome on desktop platforms, citing multiple critical vulnerabilities that pose significant cyber risks. The advisory underscores the urgent need for users to update their browsers to prevent remote code execution and denial-of-service (DoS) attacks.

Multiple Vulnerabilities Impacting Chrome on All Major Desktop OS

According to CERT-In’s advisory (CIVN-2025-0110), the vulnerabilities affect Google Chrome versions prior to 137.0.7151.55 on Linux and 137.0.7151.55/56 on Windows and macOS. Users running older versions risk system crashes, instability, and possibly unauthorized code execution by threat actors.

The vulnerabilities stem from various issues within Chrome’s architecture, including:

  • Use-after-free errors in components like Compositing and libvpx
  • Improper implementations of APIs such as FileSystemAccess, Background Fetch, BFCache, Messages, and Tab Strip
  • Out-of-bounds memory writes in V8, the engine that executes JavaScript in Chrome

These flaws, if exploited, can allow attackers to crash the browser, gain control over system processes, or use the compromised browser as a gateway for broader attacks on both individual users and enterprise networks.


Attack Vector: Simply Visiting a Malicious Website

One of the most concerning aspects of this advisory is the simplicity of the attack vector. Users can be compromised by merely visiting a malicious website crafted by the attacker. No additional user interaction may be required, making the vulnerabilities especially dangerous in phishing or social engineering campaigns.

CERT-In warns that successful exploitation can lead to:

  • Arbitrary code execution
  • Denial-of-service (DoS) attacks
  • System instability and browser crashes

This makes the current situation especially critical for organizations and users who have not enabled automatic updates or who delay patch management in their IT infrastructure.

Urgent Action Required: Update Chrome Immediately

CERT-In recommends that all users—individual and organizational—update Google Chrome to the latest version via the stable channel. The fix for these vulnerabilities is already available and can be accessed through Chrome’s in-app update mechanism or by visiting the official Chrome blog.

To update Chrome:

  1. Open the Chrome browser.
  2. Click the three-dot menu on the top right.
  3. Go to Help > About Google Chrome.
  4. Chrome will automatically check for updates and install the latest version.
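
For teams that manage many machines, the same check can be run over an inventory instead of one browser at a time. The following is an added example, not part of the CERT-In advisory or of Chrome: it classifies installs against the fixed build quoted above. The host names and sample version strings are constructed, and using build .55 as the threshold on Windows and macOS is an assumption about how to read "137.0.7151.55/56".

```python
import re

# Fixed build named in advisory CIVN-2025-0110 as quoted in the article.
# Assumption: for Windows/macOS ("137.0.7151.55/56") the lower build, .55,
# is the threshold, so anything below it is treated as affected.
FIXED = {name: (137, 0, 7151, 55) for name in ("linux", "windows", "macos")}
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract a four-part Chrome version from text such as the output of
    `google-chrome --version`; return a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None

def classify(os_name, version_text):
    """Return 'patched', 'affected' or 'unknown' for one install."""
    fixed = FIXED.get(os_name.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unlisted platform or unparseable output: review by hand
    # Tuple comparison is numeric per component, so build 9 sorts below
    # build 55 (a plain string comparison would get this wrong).
    return "patched" if version >= fixed else "affected"

def audit(inventory):
    """inventory: iterable of (host, os, version_text) -> {status: [hosts]}."""
    report = {"patched": [], "affected": [], "unknown": []}
    for host, os_name, version_text in inventory:
        report[classify(os_name, version_text)].append(host)
    return report

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 137.0.7151.56"),
    ("ws-02", "windows", "Google Chrome 136.0.7103.114"),
    ("lx-01", "linux", "Google Chrome 137.0.7151.9 "),
    ("mac-01", "macos", "Google Chrome 137.0.7151.55"),
    ("lx-02", "linux", "command not found"),
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as "unknown" returned no usable version string and need a manual check rather than being assumed safe.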

Given Chrome’s widespread use in personal, professional, and enterprise environments, this advisory carries broad security implications. Outdated browsers not only leave individual systems exposed but also become vulnerable entry points into corporate networks.
