Indian Government Alert: Critical Chrome Vulnerability Exploitable for User Attacks, Immediate Patching Advised.

The Indian Computer Emergency Response Team (CERT-In), the national cybersecurity agency under the Ministry of Electronics and Information Technology, has issued a high-severity warning for Google Chrome users, advising immediate updates across Windows, macOS, and Linux. The warning comes after the discovery of multiple high-risk vulnerabilities in the browser, raising concerns about potential remote attacks.

Vulnerabilities and Risks

CERT-In has flagged several security flaws in Chrome that could allow attackers to execute arbitrary code or bypass key security protections simply by luring users to a malicious website. These vulnerabilities, identified as CVE-2025-13223 and CVE-2025-13224, have been classified as "high severity," meaning attackers could use them to compromise a system remotely. The identified issues include an out-of-bounds write in WebGPU, along with several flaws in V8, Views, and Omnibox components.

One major security flaw lies in a Type Confusion error inside Chrome's V8 engine, which is responsible for processing JavaScript and WebAssembly. When Type Confusion occurs, the browser may attempt to access memory in an unsafe way, which can open the door for malicious code execution. CERT-In explains that this could allow attackers to run harmful programs on a computer simply by directing users to a specially crafted webpage. Another vulnerability stems from an integer overflow in Chrome's V8 JavaScript engine and use-after-free errors in the Profiler component.

Cyber experts warn that successful exploitation could allow hackers to gain control of affected systems, steal sensitive data, or disable security safeguards entirely. CERT-In has categorized the threat level as high, noting that such vulnerabilities can lead to data theft, credential exposure, complete system compromise, or service disruption if left unpatched, all without the user's knowledge.

Affected Versions

The vulnerabilities impact Chrome versions earlier than 142.0.7444.134/.135 on Windows, macOS, and Linux. Google confirmed that one of the vulnerabilities, CVE-2025-13223, is already being exploited “in the wild,” meaning hackers have found a working method to take advantage of the flaw before many users have updated their browsers. The company stated that Chrome versions prior to 142.0.7444.175/.176 on Windows, 142.0.7444.176 on macOS, and 142.0.7444.175 on Linux are affected. In June 2025, CERT-In issued a similar warning for Chrome versions prior to 137.0.7151.119/.120 for Windows and Mac, and prior to 137.0.7151.119 for Linux.

Mitigation Measures

Users are strongly advised to verify their browser version and update Chrome to version 142.0.7444.135 or later immediately.

To update Chrome:

  1. Open Chrome.
  2. Click the three-dot menu → Settings → About Chrome.
  3. If an update is available, install it and restart the browser.

Security teams are advised to review internal activity logs for any unusual behavior and reinforce protective measures such as restricting unnecessary extensions, filtering risky domains, and keeping endpoint protection software up to date. Delaying updates leaves systems open to attack. With a formal government alert now issued, immediate patching is the safest course of action for all users and enterprises.
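For teams that need to verify versions across many machines rather than one browser at a time, the sketch below is an added example, not part of the CERT-In or Google advisories. It assumes a hypothetical inventory of (host, platform, version text) rows, and it uses the per-platform builds Google is quoted with above as the minimum fixed versions; taking .175 as the Windows floor is an assumption.

```python
import re

# Minimum fixed builds per platform, from the Google figures quoted in this
# article. The article gives ".175/.176" for Windows; using .175 as the floor
# is an assumption of this example.
MIN_FIXED = {
    "windows": (142, 0, 7444, 175),
    "macos": (142, 0, 7444, 176),
    "linux": (142, 0, 7444, 175),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract a four-part Chrome version (as a tuple of ints) from text such
    as the output of `google-chrome --version`; None if no version is found."""
    match = VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def audit(inventory):
    """Map each host to 'patched', 'vulnerable' or 'unknown'."""
    results = {}
    for host, platform, version_text in inventory:
        version = parse_version(version_text)
        floor = MIN_FIXED.get(platform.lower())
        if version is None or floor is None:
            # No readable version or unlisted platform: never assume safe.
            results[host] = "unknown"
        elif version < floor:
            # Tuples compare numerically, so 99.x sorts below 142.x.
            # A plain string comparison would get that case wrong.
            results[host] = "vulnerable"
        else:
            results[host] = "patched"
    return results


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = [
    ("wks-01", "windows", "Google Chrome 142.0.7444.176"),
    ("wks-02", "windows", "Google Chrome 142.0.7444.135"),
    ("mac-01", "macos", "Google Chrome 142.0.7444.175"),
    ("lnx-01", "linux", "Google Chrome 142.0.7444.175 "),
    ("lnx-02", "linux", "Google Chrome 99.0.4844.51"),
    ("lnx-03", "linux", "chrome: command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" should be checked by hand, since a missing or unreadable version says nothing about whether the browser is patched.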


Written By
Aditya Kapoor is a technology and innovation journalist with expertise in startups, AI, and digital policy. He combines analytical writing with storytelling to uncover trends shaping the future of business and technology. Aditya’s deep understanding of the tech ecosystem makes his reporting insightful and relevant. He’s driven by a belief that technology should empower everyone.
© 2025 DailyDigest360