The Indian Computer Emergency Response Team (CERT-In) has sounded an urgent warning for millions of Google Chrome users across India, citing multiple high-risk vulnerabilities that could allow hackers to take control of devices or steal sensitive data. The cybersecurity agency, operating under the Ministry of Electronics and Information Technology (MeitY), has classified this as a high-severity alert, urging all Chrome users to update their browsers without delay.

According to CERT-In, users running Chrome versions older than 142.0.7444.59 on Linux and 142.0.7444.59/60 on Windows and macOS are at risk. These flaws were first identified in late October 2025, and Google has since rolled out security patches to fix them. However, users who have not yet updated remain exposed to potential cyberattacks.

The advisory warns that the vulnerabilities stem from a range of underlying issues within Chrome’s codebase. CERT-In noted, “Multiple vulnerabilities exist in Google Chrome due to Type Confusion in V8, inappropriate implementation in V8, Extensions, App-Bound Encryption, and Autofill; object lifecycle issue in Media; race in V8 and Storage; incorrect security UI in Omnibox, Fullscreen UI, and SplitView; policy bypass in Extensions; use-after-free in PageInfo and Ozone; and out-of-bounds read in V8 and WebXR.”

These technical flaws could allow attackers to bypass security protections, execute arbitrary code remotely, or gain access to confidential user data, potentially compromising entire systems. In simple terms, cybercriminals could exploit these bugs to run malicious commands, steal login credentials, or install malware without the user’s knowledge.

CERT-In explained, “Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code, bypass security restrictions, perform spoofing attack or disclose sensitive information on the targeted system.” This means that attackers could not only hijack user systems but also escalate their privileges, gaining deeper access or stealing private information from affected devices.

The vulnerabilities affect multiple Chrome components, including the V8 JavaScript engine, extensions, autofill feature, App-Bound Encryption, media handling, and user interface elements. Issues such as type confusion, use-after-free errors, and out-of-bounds reads are among the technical causes behind these flaws.

To protect against these risks, CERT-In has urged all individuals and organizations using Google Chrome for desktop to install the latest version immediately. The process is simple:

• Open Chrome and click on the three-dot menu in the top right corner.
• Navigate to Settings > About Chrome.
• Click on Update Chrome, then relaunch the browser.

This update ensures that users receive the latest security fixes and mitigates the risk of potential exploitation.

With Chrome being one of the most widely used browsers in India, the government’s advisory serves as a crucial reminder of the importance of keeping software up to date. Ignoring these warnings could leave users vulnerable to remote attacks, phishing, and unauthorized access to personal data.