
CERT-In’s advisory (CIVN-2025-0110) warns that multiple flaws in Chrome’s components and APIs could be exploited via malicious websites, enabling attackers to execute code, crash browsers, or gain unauthorized control over affected systems.
The Indian Computer Emergency Response Team (CERT-In), operating under the Ministry of Electronics and Information Technology, has issued a high-severity alert for desktop users of Google Chrome. The advisory warns of multiple security flaws that could be exploited by remote attackers to execute arbitrary code or launch denial-of-service (DoS) attacks.
The alert applies to Google Chrome versions prior to 137.0.7151.55 for Linux and 137.0.7151.55/56 for Windows and macOS. These vulnerabilities have been classified as “high” in severity due to the potential for significant impact, including browser crashes, system instability, and unauthorised code execution.
According to CERT-In’s advisory (CIVN-2025-0110), the flaws stem from various sources: use-after-free errors in Chrome’s Compositing and libvpx components; improper implementations in APIs such as FileSystemAccess, Background Fetch, BFCache, Messages, and Tab Strip; and out-of-bounds memory write issues within the V8 JavaScript engine. These vulnerabilities can be triggered by visiting a specially crafted website, potentially allowing attackers to take control of the system or cause the browser to crash.
Urgent Chrome security update advised
CERT-In warns that successful exploitation of these vulnerabilities could open the door to further attacks, making it essential for users and organizations to take swift action. The advisory is especially relevant to enterprise IT environments where browser-based applications are widely used, increasing exposure to such threats.
To mitigate the risks, users are strongly advised to update their Chrome browsers to the latest stable release, which contains security patches addressing these issues. Updates can be accessed by navigating to Help > About Google Chrome in the browser’s settings menu. More information is also available on Google Chrome’s official release blog.
With Chrome being one of the most widely used browsers globally, CERT-In stresses the urgency of applying updates to maintain robust cybersecurity defenses.