India’s Computer Emergency Response Team (CERT-In) has issued a high-severity advisory for Google Chrome users after identifying a remote code execution vulnerability affecting older Chrome desktop versions. The advisory, released on November 13, 2025, warns that attackers could exploit the flaw to run arbitrary code on targeted systems.
What the vulnerability means
According to the advisory, the issue impacts Google Chrome versions prior to 142.0.7444.162/163 on Windows and versions prior to 142.0.7444.162 on Linux and macOS. The vulnerability stems from improper implementation in Chrome’s V8 engine, allowing attackers to exploit the browser using specially crafted requests.
CERT-In notes that successful exploitation may lead to system compromise, loss of data integrity, and service disruption. The risk level has been classified as high because the flaw could enable complete control over affected machines without user awareness.
The advisory highlights that all end-user organisations and individuals using outdated Chrome versions on desktops are potentially vulnerable, making it essential for users across enterprise and personal systems to take immediate action.
Who is affected
The vulnerability applies specifically to Google Chrome for desktop users. Devices running browsers such as Chromium-based variants may also be indirectly impacted, depending on their update cycle. Users operating Windows, macOS, or Linux distributions with outdated Chrome builds are at the highest risk.
CERT-In has emphasised that attackers could exploit the issue remotely, meaning users do not need to engage with suspicious content for the attack to begin if the crafted request reaches the system.
What users should do now
CERT-In advises all Chrome desktop users to update their browsers to the latest stable release. Google has already issued a fix, available through Chrome’s automatic update system or via manual download.
Users can check for updates by navigating to Settings → About Chrome, which triggers the update process. For organisations managing multiple systems, immediate deployment of the patched version is recommended to reduce exposure.
The advisory also directs users to Google’s release notes for further details on the updated build and additional security fixes bundled with the patch.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
