Update now! CERT-In flags critical vulnerability in Google Chrome
What's the story
The Indian Computer Emergency Response Team (CERT-In) has flagged a major security vulnerability in Google Chrome for desktop. The flaw, which can lead to remote code execution, affects multiple versions of the browser on Windows, macOS, and Linux platforms. CERT-In has issued a high-severity alert and is urging users to update their browsers immediately with the latest security patches.
Exploitation risk
Vulnerability could lead to complete system compromise
The vulnerability in question stems from a use-after-free flaw in Chrome's CSS rendering component. This issue could allow attackers to execute unauthorized code by manipulating memory handling inside the browser. CERT-In has warned that successful exploitation of this vulnerability could result in complete system compromise, data theft, and service disruptions. The agency has classified the threat as high risk due to its potential for remote exploitation without user awareness.
Recommended action
CVE-2026-2441 affects older versions of Chrome
To mitigate the risk posed by this vulnerability, CERT-In has advised users and organizations to immediately update their Chrome browsers with the latest security patches. The agency has provided details of the flaw in its advisory, including a link to Google's official security bulletin. The vulnerability has been assigned CVE-2026-2441 and affects older versions of Chrome on Windows (earlier than 145.0.7632.75/76), Mac (earlier than 145.0.7632.75/76), and Linux (prior to 144.0.7559.75).
Cybersecurity caution
Cybersecurity officials warn of potential risks
With Chrome being an integral part of daily internet use in India, cybersecurity officials have stressed on the importance of timely updates. They warned that delaying these updates could leave systems vulnerable to remote exploitation. The wide usage of Chrome for web browsing, online transactions, and cloud services makes it all the more important for users to keep their browsers updated with the latest security patches.