CERT-In issues high-severity alert for Google Chrome users in India — update Chrome immediately to patch vulnerabilities that risk remote code execution and data leaks.
Versions Affected by the Google Chrome Security Flaw
India’s cyber emergency agency, CERT-In, has issued a high-risk alert over multiple security flaws in Google Chrome that could let remote attackers execute code, escalate privileges or steal sensitive data from affected systems. The advisory, released on October 30, 2025, names a range of issues — from type-confusion and use-after-free bugs in the V8 JavaScript engine to problems in extensions, autofill, media and UI components.
Officials warned the vulnerabilities pose a real risk of remote code execution and data disclosure on Windows, macOS and Linux machines running older Chrome builds. CERT-In explicitly called out Chrome versions prior to 142.0.7444.59 (Linux) and prior to 142.0.7444.59/60 (Windows and macOS) as affected, urging users and organizations to treat the notice as high priority.
Cybersecurity experts say the combination of browser components named in the alert — V8, Extensions, Autofill, Media and Omnibox UI — can be exploited in different ways, including spoofing attacks, policy bypasses and out-of-bounds reads, making coordinated patching essential for enterprises and home users alike. The advisory stresses that attackers do not need physical access — a malicious web page or an infected extension can be enough to trigger the flaws.
