
Update Google Chrome now! Your sensitive data might be compromised
What's the story
India's cybersecurity agency, CERT-In, has issued a high-severity alert for Google Chrome users on desktop platforms.
The warning highlights several vulnerabilities that could be misused by remote attackers to execute arbitrary code or cause a denial-of-service (DoS) attack.
The flaws affect Linux, Windows, and macOS users running outdated versions of Chrome.
Affected versions
Flaws affect specific versions of Google Chrome
The vulnerabilities affect Google Chrome versions prior to 137.0.7151.55 for Linux and 137.0.7151.55/56 for Windows and Mac.
CERT-In has rated the issue as "High" due to its potential impact, which includes system crashes, instability, and unauthorized code execution on affected systems.
The advisory (CIVN-2025-0110) attributes these vulnerabilities to several problems, including use-after-free errors in Compositing and libvpx, among others.
Risk assessment
Attackers could exploit flaws via malicious websites
These flaws might be exploited by simply getting a user to visit a malicious website.
If exploitation succeeds, attackers could crash the browser, run arbitrary malicious code, or disrupt system operations.
The vulnerabilities can be used as a gateway for more severe attacks if not addressed promptly.
The alert targets all individual users and organizations using Google Chrome on desktops.
Mitigation strategy
Update to the latest version immediately
CERT-In has strongly advised all users to update Google Chrome to the latest version immediately. The official fix is available via Chrome's stable channel update. Users can check for updates from Chrome's settings menu, and can visit the official Chrome blog for more details.
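
For administrators who need to confirm the update across many desktops, the following added example (not part of the advisory or the original article) classifies inventory records against the fixed build quoted above. Host names and version strings in the sample are constructed, and treating 137.0.7151.55 as the minimum for Windows and Mac is an assumption based on the "55/56" wording.

```python
import re

# Fixed builds as stated in the article. For Windows and Mac the text gives
# "137.0.7151.55/56"; using .55 as the minimum there is an assumption.
FIXED = {
    "linux": (137, 0, 7151, 55),
    "windows": (137, 0, 7151, 55),
    "mac": (137, 0, 7151, 55),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract the four-part Chrome version from free text, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory record."""
    fixed = FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # never report an unparsed host as patched
    # Tuples compare numerically per component, so .9 sorts below .55;
    # a plain string comparison would wrongly rank "9" above "55".
    return "patched" if version >= fixed else "vulnerable"


def audit(records):
    """Map host -> status for (host, platform, version_text) records."""
    return {host: classify(platform, text) for host, platform, text in records}


# Constructed inventory sample (hypothetical hosts and versions, not real data).
SAMPLE = [
    ("ws-01", "windows", "Google Chrome 137.0.7151.56"),
    ("lx-02", "linux", "Google Chrome 137.0.7151.9 "),
    ("mb-03", "mac", "Google Chrome 136.0.7000.100"),
    ("lx-04", "linux", "Google Chrome 138.0.7200.10"),
    ("ws-05", "windows", "version lookup failed"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" should be checked by hand rather than assumed to be up to date.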