
CERT-In flags critical flaw in Chrome—millions could be exposed
What's the story
The Indian Computer Emergency Response Team (CERT-In) has issued a critical alert over security vulnerabilities in Google Chrome on desktops.
The advisory, CIVN-2025-0099, was issued on May 16 and affects all versions of the browser before 136.0.7103.113/.114 for Windows and Mac, and before 136.0.7103.113 for Linux.
CERT-In warned that the flaws could lead to unauthorized code execution on affected systems, risking users' sensitive information and system stability if exploited by malicious actors.
Technical details
Vulnerabilities linked to browser's Loader component
The vulnerabilities in question are associated with poor policy enforcement in the browser's Loader component and improper handling in Mojo, a component that handles inter-process communication in Chrome.
CERT-In has warned that these flaws could allow attackers to execute arbitrary code on the affected systems by tricking users into visiting a malicious website.
One of these vulnerabilities, CVE-2025-4664, is already being actively exploited in the wild.
User impact
Advisory issued for all Google Chrome users
The advisory from CERT-In applies to all individual users and organizations running Google Chrome on desktops, including Windows, macOS, and Linux platforms.
To avoid these risks, CERT-In has urged users to update their browsers to the latest version from Google.
The required security patches have been integrated into Chrome 136.0.7103.113 and above for Windows and Mac, and 136.0.7103.113 and above for Linux systems.