The Indian Computer Emergency Response Team (Cert-In) has issued a high-severity security advisory for Google Chrome desktop users, warning that multiple vulnerabilities have been discovered in the popular web browser.
The flaws, according to the national cybersecurity watchdog, could allow remote attackers to steal sensitive data, execute arbitrary code, and bypass security protections on systems running Chrome on Windows, macOS, and Linux.
“These vulnerabilities carry a high risk of remote code execution and privilege escalation,” Cert-In said in a public statement. “Successful exploitation could let an attacker gain full control of an affected system.”
The alert covers Chrome versions prior to 142.0.7444.59 for Linux and corresponding earlier builds for Windows and macOS.
The Anatomy of the Vulnerabilities
Cert-In’s technical report traces the issue to a combination of flaws in Chrome’s V8 JavaScript engine — the core component that executes code — and other browser subsystems.
The vulnerabilities include:
Type Confusion and Race Conditions in V8, enabling remote code execution.
Inappropriate Implementations in Extensions and App-Bound Encryption, risking unauthorized access.
UI and Policy Bypass Issues in Omnibox, Fullscreen, SplitView, and Extensions, allowing spoofing and phishing attacks.
Use-After-Free and Out-of-Bounds Reads in PageInfo, Ozone, and WebXR, potentially exposing private data or system memory.
Attackers could exploit these weaknesses by luring users to visit maliciously crafted websites, triggering the flaws without any visible warning or prompt.
Government Issues Immediate Mitigation Steps
In response, Cert-In has advised all Chrome users — individuals, businesses, and institutional networks — to update their browsers immediately to the latest secure version available on Google’s official website or via in-browser settings.
The agency has also urged system administrators to enforce automatic updates and monitor enterprise networks for signs of exploitation.
“Users are advised to apply necessary patches released by the product vendor immediately,” the advisory said. “Delaying updates could expose systems to data theft, credential compromise, or ransomware deployment.”
Security experts note that Chrome’s frequent update cycles are a key defense, but users often postpone patches that close dangerous zero-day gaps.
Broader Cybersecurity Implications
The warning is the latest in a string of browser-related advisories issued by Cert-In in 2025, highlighting how everyday digital tools — even those from major global companies — remain targets of constant exploitation.
“V8 vulnerabilities are highly attractive to attackers because they sit at the intersection of code execution and data handling,” said a Delhi-based cybersecurity analyst. “Once compromised, a browser can become an open door to everything from passwords to crypto wallets.”
Cert-In’s notice underscores India’s growing vigilance in cybersecurity policy enforcement, as the country’s digital user base surpasses 900 million and browser-based threats continue to evolve in sophistication.
