CERT-In Flags Critical Security Flaws in Google Chrome—Users Urged to Update

The Indian Computer Emergency Response Team (CERT-In) has issued a high-priority security warning for Google Chrome desktop users, highlighting multiple vulnerabilities that could allow attackers to compromise systems. The advisory underscores the risks of remote code execution, security bypass, and denial-of-service (DoS) attacks.

 

Who Is Affected?

The vulnerabilities impact Linux, Windows, and Mac users running outdated versions of Chrome. Specifically, the following versions are at risk:

• 134.0.6998.35 (Linux)
• 134.0.6998.35/36 (Windows)
• 134.0.6998.44/45 (Mac)

 

How Attackers Can Exploit These Flaws

According to CERT-In’s advisory (CIVN-2025-0040), these security gaps could be exploited by tricking users into visiting maliciously crafted websites. If successful, hackers may gain unauthorized access, execute arbitrary code, steal sensitive data, or disrupt system functionality.

 

The Technical Breakdown

The vulnerabilities stem from several issues, including:

• Memory handling flaws in V8, PDFium, and Media leading to out-of-bounds read attacks.
• Improper directory path limitations in Chrome’s DevTools, which could be abused to access restricted files.
• Use-after-free vulnerabilities in Profile Management, potentially leading to unauthorized data access.
• Flaws in permission prompts, media stream handling, and browser UI, making it easier for attackers to manipulate system interactions.

What Users Should Do Now

CERT-In strongly recommends updating Google Chrome immediately to patch these vulnerabilities. Keeping your browser up to date is one of the simplest yet most effective ways to safeguard against cyber threats.

 

Google’s Legal Troubles Mount

This security alert comes as Google faces renewed scrutiny in an ongoing antitrust case, with regulators and plaintiffs pushing for stricter oversight and potential structural changes to its business model. The search and advertising giant is accused of monopolistic practices, and proposed remedies include breaking up parts of its operations to ensure fair competition.

 

With both security and regulatory challenges intensifying, Google users must stay vigilant—ensuring both their browsers and awareness of cyber threats remain up to date.