Highlights:
- CERT-In issues a high-risk alert for Google Chrome users in India.
- Vulnerabilities may allow remote code execution and data theft.
- Affected versions include Chrome prior to 142.0.7444.60 on all major OS platforms.
- Flaws found in Chrome’s V8 engine, extensions, and autofill systems.
- Users are urged to update Chrome immediately to secure their devices.
The Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics and Information Technology, has issued a high-risk alert for millions of Google Chrome users across India, warning them to update their browsers immediately. The alert highlights several critical vulnerabilities that could enable hackers to gain remote access, steal confidential information, or bypass key security features on affected systems.
According to CERT-In’s advisory issued on Thursday (30), the security loopholes affect Google Chrome users on Windows, macOS, and Linux operating systems. The flaws, if exploited, could allow attackers to execute arbitrary code, perform spoofing attacks, escalate privileges, or leak sensitive data from targeted systems.
The alert explains that these vulnerabilities stem from multiple weaknesses within Chrome’s internal components, including type confusion in V8, inappropriate implementation in extensions, app-bound encryption, and autofill systems, as well as race conditions and policy bypass issues. Additional risks include use-after-free errors in PageInfo and Ozone and out-of-bounds reads in V8 and WebXR, which could let hackers manipulate how Chrome handles memory and processes user input.
CERT-In has strongly urged users to update Chrome to the latest version (142.0.7444.60 or above) to mitigate these risks. The vulnerable versions include Chrome releases prior to 142.0.7444.59 for Linux and prior to 142.0.7444.59/60 for Windows and Mac. Users can update their browsers manually by navigating to the three-dot menu → Settings → About Chrome → Update Chrome.
Cybersecurity experts warn that unpatched browsers are prime targets for malicious actors, especially as browser-based attacks continue to surge globally. Exploiting these vulnerabilities could enable hackers to install malware, steal personal data, or even control infected systems remotely.
This alert follows a series of global warnings issued in recent months as major browsers like Chrome and Edge continue to face zero-day exploits and cross-site scripting attacks. CERT-In emphasized that keeping software up to date remains the most effective defense against such threats.
