Published: Nov 4, 2025
The Indian government has issued a high-severity cybersecurity alert for millions of Google Chrome users across the country, following the discovery of multiple critical vulnerabilities in the web browser. The warning, released by the Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology, advises users to immediately update their browsers to prevent potential exploitation by malicious actors.
The alert, issued on October 30, 2025, highlights a range of security flaws in Google Chrome that could allow remote attackers to bypass security mechanisms, execute arbitrary code, or access sensitive data on affected systems. According to CERT-In, these vulnerabilities pose a significant risk to individuals, businesses, and government organisations that rely on Chrome for desktop browsing.
Understanding the Threat
CERT-In detailed that the vulnerabilities in Google Chrome could enable a range of attacks. These include:
- Remote code execution: Attackers could run malicious code on a user’s device without authorization.
- Privilege escalation: Malicious actors could gain higher access rights, potentially allowing them to manipulate files, settings, or sensitive system configurations.
- Information disclosure: Sensitive user data, such as saved passwords, browsing history, or personal files, could be exposed.
- Security bypasses: Vulnerabilities may allow attackers to bypass Chrome’s built-in security mechanisms, including sandboxing and policy restrictions.
- Spoofing attacks: Users could be tricked into interacting with fraudulent websites or interfaces that appear legitimate, increasing the risk of phishing and fraud.
Specifically, CERT-In identified multiple vulnerabilities stemming from technical issues within the browser’s V8 engine, Extensions, App-Bound Encryption, Autofill functionality, and other browser components. These include:
- Type confusion and inappropriate implementation issues in V8
- Object lifecycle issues in Media components
- Race conditions in V8 and Storage modules
- Incorrect security UI in Omnibox, Fullscreen UI, and SplitView
- Policy bypass vulnerabilities in Extensions
- Use-after-free vulnerabilities in PageInfo and Ozone
- Out-of-bounds read issues in V8 and WebXR
The breadth of these vulnerabilities indicates that virtually all aspects of the browser, from rendering to extension handling, could be targeted if users do not update promptly.
Who Is at Risk?
The CERT-In advisory specifies that the threat affects Google Chrome users on Linux, Windows, and macOSplatforms. The affected versions are:
- Linux: Google Chrome versions prior to 142.0.7444.59
- Windows: Google Chrome versions prior to 142.0.7444.59/60
- Mac: Google Chrome versions prior to 142.0.7444.60
The alert warns that any individual or organisation using Chrome without applying the latest security updates is potentially vulnerable to these attacks. CERT-In emphasises that this includes corporate desktops, personal computers, and public workstations where sensitive data might be at risk.
Recommended Action: Update Chrome Immediately
To mitigate these risks, CERT-In strongly urges all users to update Google Chrome to the latest available version without delay. Browser updates typically include patches for newly discovered vulnerabilities, and failing to install them can leave systems exposed to cyberattacks.
For Windows and macOS users, updating Chrome is straightforward:
- Open the Chrome browser.
- Click the three-dot menu in the top-right corner.
- Navigate to Settings > About Chrome.
- If an update is available, Chrome will automatically download and install it.
- Restart the browser to complete the update.
For Linux users, the update process may vary depending on the distribution and package manager in use, but the key principle remains the same: always install the latest stable release of Chrome.
CERT-In also advises organisations to ensure that all enterprise systems running Google Chrome are patched, and to monitor for unusual or suspicious browser activity, which could indicate attempted exploitation of these vulnerabilities.
Implications of the Vulnerabilities
Security experts note that these vulnerabilities are particularly concerning because of the widespread use of Google Chrome, which dominates the desktop browser market globally. Millions of users in India rely on Chrome for both personal and professional purposes, meaning that the potential attack surface is enormous.
The vulnerabilities identified could be exploited to target sensitive data, including banking credentials, login information for corporate networks, and personal files. For organisations, compromised systems could lead to data breaches, financial losses, and reputational damage, while individuals could face identity theft or financial fraud.
CERT-In’s alert underscores the ongoing importance of cybersecurity hygiene, particularly keeping software up-to-date, avoiding suspicious downloads, and practising safe browsing habits.
Government and CERT-In Response
The Indian government, through CERT-In, has positioned itself as a proactive agent in warning users and organisations about emerging cybersecurity threats. By issuing this high-risk alert, authorities aim to prevent a surge in attacks that could exploit the Chrome vulnerabilities.
CERT-In has historically issued such alerts to help end-users and IT administrators identify, assess, and remediate cybersecurity risks. The current advisory is part of a broader strategy to enhance national cybersecurity resilience, particularly for widely used software and platforms.
Officials encourage all organisations, including government departments, educational institutions, and private enterprises, to implement immediate patching policies and verify that all end-user systems comply with the latest security standards.
Cybersecurity Best Practices Beyond Updates
While updating the browser is the immediate step, cybersecurity professionals also recommend a set of complementary practices to further safeguard systems:
- Regular Backups: Maintain secure backups of critical data to mitigate potential loss due to exploitation.
- Use Antivirus and Anti-Malware Tools: Keep these tools updated to detect and prevent potential attacks.
- Strong Passwords and MFA: Use unique, complex passwords and enable multi-factor authentication for online accounts.
- Monitor Network Traffic: Watch for unusual activity that could indicate compromise.
- Avoid Suspicious Links and Downloads: Do not click on unverified links or download attachments from unknown sources.
Experts emphasize that vigilance and regular software updates remain the most effective defenses against cyber threats.
Conclusion
The CERT-In advisory for Google Chrome users in India highlights a pressing cybersecurity concern affecting millions of individuals and organisations. With multiple vulnerabilities allowing potential remote code execution, privilege escalation, and information disclosure, immediate action is critical.
Updating Google Chrome to the latest version is the most effective measure to safeguard sensitive data and maintain the integrity of computer systems. For organisations, ensuring that all endpoints are patched, monitoring activity, and implementing broader cybersecurity best practices are equally important.
As cyber threats continue to evolve, advisories like this reinforce the need for constant vigilance, proactive security measures, and timely updates to protect users from increasingly sophisticated attacks.
Leave a Reply