The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity warning for users of Google Chrome on desktop platforms, highlighting multiple security vulnerabilities that could allow attackers to run arbitrary code on affected systems.
The vulnerability note, CIVN-2025-0099, was published on May 16, 2025, and applies to Google Chrome versions prior to 136.0.7103.113/.114 for Windows and Mac, and versions prior to 136.0.7103.113 for Linux.
CERT-In warned that these flaws could lead to sensitive information disclosure or system instability if exploited. The agency stated that the vulnerabilities stem from insufficient policy enforcement in the browser’s Loader component and improper handling in Mojo, a component responsible for inter-process communication in Chrome.
According to the advisory, a remote attacker could exploit these issues by luring a user to a malicious web page. Successful exploitation could enable the attacker to execute code on the user’s machine, potentially compromising the entire system. One of the vulnerabilities, tracked as CVE-2025-4664, is already being actively exploited in the wild.
Who all are afected
The advisory is directed at all individual users and organizations using Google Chrome on desktop systems, including Windows, macOS, and Linux platforms.
What you should do
CERT-In has advised users to immediately update their browsers to the latest version provided by Google. The relevant security fixes have been included in Chrome versions 136.0.7103.113 and above. Users can access the update through Chrome’s built-in update mechanism or by visiting the official Chrome Releases blog.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
