NEW DELHI: The Indian Computer Emergency Response Team (CERT-In) has issued an urgent high-severity security advisory for Google Chrome desktop users across India. The alert warns of multiple critical vulnerabilities that could allow attackers to gain remote access, steal sensitive data, or compromise user systems.

The official advisory identifies several technical flaws—ranging from type confusion errors and use-after-free bugs to race conditions and improper implementations—within Chrome’s core components such as the V8 JavaScript engine and extensions framework.

Rated at a CVSS severity score of 8.8, these vulnerabilities could enable remote code execution simply by luring users to maliciously crafted websites, requiring no further interaction.

According to CERT-In, the vulnerabilities affect Chrome versions older than 142.0.7444.59 (Linux), 142.0.7444.59/.60 (Windows), and 142.0.7444.60 (macOS). Users running these versions are strongly advised to update immediately.

While no mass exploitation has been detected yet, experts note that such vulnerabilities often become part of exploit kits used by cybercriminals within days of disclosure. “Given Chrome’s dominance in India’s digital ecosystem, the exposure potential is immense,” a CERT-In spokesperson said.

The warning coincides with Google’s rollout of a new stable channel update earlier this week, which reportedly addresses these security gaps.

India’s growing digital footprint—over 900 million internet users and Chrome’s 70% market share—makes the country a significant target for cyberattacks. Similar alerts in the past, such as the June 2025 advisory, saw over 100 million users updating their browsers within days.

Cybersecurity experts caution that unpatched browsers may become gateways for ransomware attacks, phishing campaigns, or even state-sponsored espionage. The risks extend to developers and enterprise users leveraging connected platforms like GitLab, which CERT-In has also flagged for concurrent vulnerabilities.

How Users Can Stay Protected

Check Chrome Version: Go to Settings > About Chrome or type chrome://settings/help .

Go to Settings > About Chrome or type . Update Immediately: Allow automatic download or visit Google’s Chrome Releases page.

Allow automatic download or visit Google’s Chrome Releases page. Enable Auto-Updates: Keep background updates active.

Keep background updates active. Practice Safe Browsing: Avoid unverified links and enable site isolation ( chrome://flags/#enable-site-per-process ).

Avoid unverified links and enable site isolation ( ). Report Issues: Submit to cert-in.org.in.

CERT-In’s latest alert underscores the persistent cybersecurity challenges in 2025. With festive season activity increasing online, authorities emphasize that a quick browser update remains the simplest defense against major data thefts and remote breaches.