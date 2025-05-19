The Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics and Information Technology (MeitY), has released a high-severity alert for desktop users of Google Chrome. This advisory affects systems running on Windows, macOS, and Linux, and warns of significant security flaws in outdated versions of the browser. These vulnerabilities could potentially be exploited by cybercriminals to gain remote control over compromised devices.

According to the alert, Chrome versions prior to 136.0.7103.113 on Linux and versions prior to 136.0.7103.113 or 136.0.7103.114 on Windows and Mac are susceptible to exploitation. The flaws stem from weaknesses in two components of the browser: the Loader and Mojo. While the Loader suffers from insufficient policy enforcement, Mojo — which facilitates inter-process communication — has been flagged for improper handling. These loopholes could be exploited by attackers to execute arbitrary code, potentially compromising an entire system.

What adds urgency to the advisory is the active exploitation of one of the vulnerabilities, identified as CVE-2025-4664. CERT-In notes that cybercriminals are already using this flaw in real-world attacks. The vulnerability can be triggered when a user is tricked into visiting a malicious website or clicking on a compromised link, enabling attackers to inject malware, steal personal data, or even crash the system.

Google has confirmed that the issues have been patched in the latest Chrome versions — 136.0.7103.113 and 136.0.7103.114 — which are being released through the browser’s Stable channel. Users are urged to update their browsers immediately to secure their systems against potential breaches.

Fortunately, updating Chrome is a straightforward process. Users can simply open the browser, click on the three-dot menu in the top-right corner, navigate to Help, and then select About Google Chrome. The browser will automatically check for available updates and install them. Restarting Chrome completes the update process.

CERT-In strongly advises all individuals and organisations using Chrome on desktop computers to ensure they are running the latest version as soon as possible. Prompt action could help prevent serious cyberattacks targeting known vulnerabilities already in circulation.