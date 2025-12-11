The Indian Computer Emergency Response Team identified several security bugs in the desktop versions of Google Chrome and issued a warning to users. The cybercriminals might take advantage of these bugs and commit various types of cybercrimes. They can execute multiple types of attacks on affected Mac, Windows, and Linux systems. They can steal data from the users they target; the data can be confidential information. The government, along with the warning, also gave a solution to Google Chrome users to save themselves.

What’s The Solution?

The Indian Computer Emergency Response Team has advised people to download software patches or updates. Users should do this immediately to save themselves from being victims of cybercrime, as this will help users effectively close security loopholes on affected platforms.

Cert-In’s Statement on Google Chrome's security flaw:

"Multiple vulnerabilities have been reported in Google Chrome for Desktop, which could be exploited by a remote attacker to execute arbitrary code, obtain sensitive information, gain elevated privileges, spoofing, and bypass security restrictions on the targeted system." The agency further emphasized that this is a high-severity alert and released a list of Google Chrome versions that are still vulnerable. The affected versions are as follows:

Google Chrome versions before 143.0.7499.40/41 for Windows

Google Chrome versions before 143.0.7499.40/41 for Mac

Google Chrome versions before 143.0.7499.40 for Linux

The agency warned that the security flaws could impact “all end-user organizations and individuals using Google Chrome for Desktop.” It added that these vulnerabilities pose a “high risk of remote code execution, privilege escalation, or unauthorised access to sensitive data,” with the potential to cause system compromise, data theft, or service disruption.

Cert-In explained that “multiple vulnerabilities exist in Google Chrome due to Type Confusion and Race in V8; inappropriate implementation in Google Updater, DevTools, Downloads, Split View, WebRTC, Password; Use after free in Digital Credentials, Media Stream; and Bad cast in Loader.” A remote attacker could exploit these issues by tricking a user into opening a specially crafted web page. If exploited successfully, these flaws could allow attackers to execute arbitrary code, steal sensitive data, gain elevated privileges, spoof systems, or bypass security restrictions. V8, which enables Chrome to run JavaScript and translates computer code into readable text, is a key component affected. Cert-In has urged users to update Google Chrome to the latest version without delay.