Govt Issues High-Risk Warning for Google Chrome, Urges Immediate Fix

CERT-In (Indian Computer Emergency Response Team) has issued a high-risk security warning for Google Chrome users on macOS, Windows, and Linux.

Identified as Vulnerability Note CIVN-2025-0024, the advisory highlights multiple critical security flaws that could be exploited by cybercriminals to execute arbitrary code and gain unauthorized access to compromised systems.

Users are strongly advised to update their Chrome browsers immediately to prevent potential cyberattacks.

Critical Security Flaws Detected in Google Chrome

CERT-In has detailed various vulnerabilities present in Google Chrome’s desktop versions across Windows, macOS, and Linux. These security loopholes originate from weaknesses in Chrome’s core architecture, including:

• ‘Use after free’ vulnerabilities in Visual Studio (VS) and Navigation

• Inappropriate implementation in the Browser UI

• Out-of-bounds memory access in Chrome’s V8 JavaScript engine

Such vulnerabilities could allow hackers to launch malicious cyberattacks, gaining control over affected systems, stealing sensitive data, or even executing system-wide compromises.

How Hackers Can Exploit These Flaws

According to CERT-In, attackers can exploit these vulnerabilities through phishing techniques, tricking users into visiting maliciously crafted websites. Once a user lands on an infected webpage, malware can be injected into the system, leading to the execution of arbitrary code. The consequences of such an attack could include:

• Remote system access by cybercriminals

• Theft of sensitive personal and financial data

• System crashes and major operational disruptions

• Potential data breaches in businesses and government institutions

For individuals storing passwords, financial information, or confidential data in Chrome, failing to update the browser in time could lead to identity theft and fraudulent activities.

Who is Impacted?

The high-risk vulnerabilities affect users running outdated versions of Google Chrome on desktop platforms. The following versions are specifically flagged as vulnerable:

• Google Chrome versions prior to 133.0.0043.59/.99 for Windows and Mac

• Google Chrome versions prior to 133.0.6943.98 for Linux

Users running these outdated versions, whether individuals, businesses, or government organisations, are at high risk of cyber threats and should immediately update their browsers.

How to Protect Your System

CERT-In and Google recommend that users promptly update their browsers to patch the identified security flaws. Follow these steps to secure your system:

Steps to Update Google Chrome:

1. Open Google Chrome on your computer.

2. Click on the three-dot menu in the top-right corner.

3. Navigate to Help > About Google Chrome.

4. Chrome will automatically check for updates and install the latest version.

5. Restart your browser to apply the updates.

Alternatively, users can visit the official Google Chrome Updates page to verify the latest security patches and download them manually.

Conclusion

The recent security advisory from CERT-In underscores the critical importance of keeping software up to date, especially for widely used platforms like Google Chrome. With multiple high-risk vulnerabilities detected, users across macOS, Windows, and Linux must take immediate action to safeguard their systems. Cybercriminals can exploit these flaws to execute malicious code, steal sensitive data, or compromise entire networks.

By regularly updating their browsers, users can mitigate security risks and protect themselves from potential cyber threats. Google has already released patches to fix these vulnerabilities, making it essential for individuals, businesses, and organizations to ensure they are using the latest version of Chrome.

This incident also highlights the growing need for cybersecurity awareness and proactive digital hygiene. As cyber threats evolve, staying informed and implementing security best practices—such as enabling automatic updates and avoiding suspicious websites—will remain crucial in safeguarding personal and professional data from cyberattacks.