CERT-In Warns: Google Chrome Vulnerabilities May Let Hackers Gain System Access
CERT-In Alerts Users to Critical Google Chrome Security Vulnerabilities
The Indian Computer Emergency Response Team (CERT-In) has issued an advisory warning users about multiple security flaws identified in Google Chrome for Desktop. These vulnerabilities, if exploited, could expose users to significant cyber threats. The national cybersecurity agency urged all users and organisations to immediately update to the latest version of Google Chrome across Windows, macOS, and Linux platforms to ensure protection. According to the advisory, users running outdated versions of the browser are at heightened risk.
In its vulnerability note, CIVN-2025-0099, published on May 16, CERT-In detailed the nature and severity of the issues, assigning them a “high” severity rating. The affected versions include Chrome for Desktop prior to version 136.0.7103.113 for Mac and Linux, and 136.0.7103.114 for Windows systems. These flaws could potentially be exploited by attackers to execute unauthorized actions on a user’s system.
Among the vulnerabilities, CVE-2025-4664 involves insufficient policy enforcement in Chrome’s Loader component, which could allow attackers to leak cross-origin data through a specially crafted HTML page. Another flaw, CVE-2025-4609, relates to the improper handling of operations within Mojo, Chrome’s inter-process communication system. Exploiting these weaknesses would typically require the attacker to trick users into visiting a malicious website, making social engineering a key part of the attack strategy.
Google acknowledged the issues and released security patches on May 14 to address four identified flaws. The company credited two independent security researchers for uncovering the vulnerabilities, as noted in CERT-In’s advisory. Users are strongly advised to update their browsers without delay, as continued use of unpatched versions could leave systems exposed to malicious exploitation.
