A major cybersecurity warning has been issued for millions of Google Chrome users in India after the Indian Computer Emergency Response Team (CERT-In), operating under the Ministry of Electronics and Information Technology, flagged multiple high-risk vulnerabilities in the browser. The alert, classified as a “high-severity” notice, warns that these flaws could potentially allow remote attackers to execute harmful code, steal sensitive information, or bypass essential browser security safeguards. The advisory has been directed to both individual users and organisations that use Chrome for desktops, highlighting the potential risks if immediate updates are not applied.
CERT-In’s high-risk warning and nature of the threat
According to the advisory released by CERT-In on October 30, 2025, multiple security flaws have been identified in Google Chrome across operating systems including Windows, macOS, and Linux. The vulnerabilities, if left unaddressed, could be exploited by cyber attackers to take control of users’ devices or access confidential data stored on the system. The government’s cybersecurity agency noted that these flaws stem from issues in several core components of the browser, including its JavaScript engine V8, Extensions, App-Bound Encryption, Autofill, and user interface components.
CERT-In explained that the vulnerabilities could enable attackers to execute arbitrary code remotely, escalate user privileges, or perform spoofing attacks. Remote code execution is particularly dangerous, as it allows attackers to run malicious programs on a victim’s device without their consent or awareness. This means that an unsuspecting user could have their browser manipulated to install malware, exfiltrate passwords, or track personal activities online.
The warning elaborated on the technical nature of the vulnerabilities, stating that flaws like “Type Confusion in V8,” “inappropriate implementation in V8 and Extensions,” “object lifecycle issue in Media,” “race condition in V8 and Storage,” and “incorrect security UI in Omnibox and Fullscreen UI” have been found. It also cited “use-after-free” bugs in PageInfo and Ozone, as well as “out-of-bounds read” vulnerabilities in components like V8 and WebXR. These issues collectively pose a serious threat to users, especially given that V8 and Ozone are core parts of Chrome’s architecture, and any compromise there could lead to severe breaches.
The alert further stated that these weaknesses could be exploited to bypass Chrome’s security policies, leading to unauthorised access to user data. Attackers could potentially manipulate the browser’s appearance or behavior to trick users into sharing personal or financial information, a technique known as a spoofing attack. This would make users believe they are interacting with a legitimate webpage while in reality, their data is being siphoned to malicious servers.
CERT-In warned that given the widespread use of Chrome in India across government departments, corporate entities, and personal devices, the scale of potential exposure is vast. The agency categorised the vulnerabilities as “high-risk” because of the possible consequences, including complete system compromise, data theft, and even the deployment of ransomware or spyware tools.
Who is at risk and what users must do now ?
The advisory explicitly mentioned that Chrome users on all major operating systems—Linux, Windows, and macOS—are at risk if their browsers are running outdated versions. Specifically, the alert applies to Chrome versions prior to 142.0.7444.59 for Linux, versions prior to 142.0.7444.59/60 for Windows and macOS, and versions prior to 142.0.7444.60 for macOS. Users running any of these versions are strongly advised to update their browsers immediately to avoid possible exploitation.
CERT-In emphasised that the vulnerabilities could be used by skilled cyber attackers to target both individuals and organisations. This includes anyone using Chrome for general web browsing, online transactions, or accessing cloud-based services. Since Chrome is also widely integrated into enterprise systems and workflows, the agency’s advisory has raised alarm in corporate cybersecurity circles. Many IT administrators have been urged to verify browser versions across employee systems and deploy updates through centralised management tools to ensure security compliance.
The cybersecurity body further explained that failing to update the browser could result in attackers gaining remote access to sensitive data such as login credentials, financial details, or confidential business information. Such breaches could lead to identity theft, phishing attacks, or large-scale corporate data leaks. CERT-In’s advisory therefore calls for immediate user action rather than delayed attention.
To mitigate the risks, Chrome users have been instructed to apply the latest security patches released by Google. Updating Chrome is a straightforward process, and users can do so by navigating to the browser’s menu, selecting “Settings,” and then “About Chrome.” The browser will automatically check for available updates and install them. Once the update is complete, users should relaunch Chrome to ensure the patches take effect.
CERT-In’s warning also extends to organisations and IT administrators responsible for maintaining systems in corporate networks. It recommends that they not only update browsers but also review their cybersecurity posture by enabling multi-factor authentication, restricting administrative access, and maintaining continuous monitoring for suspicious network activity. Since Chrome is often integrated into workplace software environments, unpatched vulnerabilities could provide a backdoor for hackers to infiltrate entire systems.
The advisory serves as a reminder of the ever-evolving cybersecurity landscape and the need for regular software updates. In recent years, browsers like Chrome have become central to digital activity, handling sensitive operations such as online banking, e-commerce, and government service access. This has made them prime targets for cybercriminals seeking to exploit even minor vulnerabilities.
The latest alert from CERT-In underlines the Indian government’s increasing focus on preventive cybersecurity measures. The agency has been issuing regular advisories to raise awareness among citizens and organisations about the importance of timely software updates, use of strong passwords, and caution against phishing links or suspicious downloads.
While Google typically releases updates swiftly to fix reported vulnerabilities, users often delay installing them, leaving systems exposed. Experts have stressed that enabling Chrome’s auto-update feature can help mitigate such risks. Additionally, cybersecurity professionals recommend keeping the operating system and all browser extensions up to date, as outdated plug-ins can also serve as entry points for attackers.
The Chrome vulnerabilities highlighted by CERT-In are part of a broader pattern of rising cyber threats worldwide. With increasing digitisation and the growing dependence on web-based platforms, attackers continuously probe for weaknesses in widely used software. In this case, even though Chrome remains one of the most secure browsers globally, the presence of multiple flaws across critical components underscores the importance of constant vigilance.
In India, where Chrome dominates the browser market with over 85% usage share, such warnings carry significant weight. Millions of users across personal and professional environments could potentially be affected if they neglect updates. The Ministry of Electronics and Information Technology has consistently urged citizens to follow government advisories and maintain digital hygiene.
By reaffirming this alert, CERT-In has once again highlighted that cybersecurity is a shared responsibility between technology providers and end users. While Google continues to improve Chrome’s security framework, timely user action is the first line of defence against cyber threats. Users must ensure their browsers are up to date and refrain from visiting untrusted websites or downloading unverified extensions.
The latest high-risk warning reinforces the growing reality that even minor software negligence can lead to major security breaches. As India continues its rapid digital transformation, ensuring proactive cybersecurity practices remains critical to protecting personal privacy and national digital infrastructure alike.
