The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity security advisory for Google Chrome users, warning of a critical flaw that could enable remote code execution on desktop systems running Windows, macOS, and Linux. The vulnerability has been tracked as CVE-2025-12036.
Devices affected
According to CERT-In, the issue affects Chrome builds prior to 141.0.7390.122/.123 on Windows and macOS, and prior to 141.0.7390.122 on Linux. Users who have not updated recently fall within the risk window.
What's the warning
The weakness has been found in Chrome’s V8 JavaScript engine. Exploitation can occur if a user is redirected to a crafted website or interacts with a malicious link controlled by an attacker. Successful exploitation could permit arbitrary code execution, allowing malware deployment, data theft, or complete system compromise.
Why this security flaw exists in Chrome
At a high level, the vulnerability arises because V8 (Chrome’s JavaScript engine) manipulates memory at very high speed and relies on complex optimizations (including a just-in-time compiler). Bugs in those optimizations or in memory management can corrupt program state (e.g., pointers or object layouts). That corrupted state can be shaped by an attacker using carefully crafted JavaScript, producing a path from a web page to arbitrary code execution inside the renderer process.
What users can do
CERT-In urges users to update Chrome without delay. Navigating to Help → About Google Chrome triggers any pending update and a browser restart applies the fix. Users are also advised to verify that their installation has reached version 141.0.7390.122 or newer.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
