Security breach alert: India government issues important warning for Chrome users you; check if you are affected and tips to fix it

India’s cybersecurity agency, CERT-In, has issued a high-severity alert for users of Google Chrome on desktop platforms. The advisory warns of multiple vulnerabilities that could allow remote attackers to execute arbitrary code or cause a denial-of-service (DoS) attack. The flaws affect users on Linux, Windows, and macOS running outdated versions of Chrome.

Vulnerabilities and affected versions
The vulnerabilities impact Google Chrome versions prior to 137.0.7151.55 for Linux and 137.0.7151.55/56 for Windows and Mac. CERT-In has classified the issue as “High” in severity due to the potential risks, which include system crashes, instability, and unauthorised code execution.

Nature of the threat
According to the advisory (CIVN-2025-0110), the vulnerabilities stem from various issues such as use-after-free errors in Compositing and libvpx, improper implementation of APIs like FileSystemAccess, Background Fetch, BFCache, Messages, and Tab Strip, and out-of-bounds memory writes in the V8 JavaScript engine. These flaws could be exploited by simply getting a user to visit a malicious website.

Successful exploitation would allow attackers to crash the browser, run malicious code, or disrupt system operations. The vulnerabilities can be used as a gateway for more severe attacks if not addressed promptly.