Affected Chrome versions are below 136.0.7103.113 (Linux) and 136.0.7103.113/114 (Windows, macOS).
Vulnerabilities include loader security flaw and improper handling in Mojo.
Attackers are already exploiting one of the vulnerabilities (CVE-2025-4664).
The Indian Computer Emergency Response Team, also known as CERT-In, has issued a security warning to all Google Chrome users running Windows, macOS, and Linux. The agency operating under the Ministry of Electronics and Information Technology (MeitY) identified some critical vulnerabilities in the previous version of the browser that could potentially give attackers control of your device.
According to CERT-In, the security flaws affect Google Chrome versions below 136.0.7103.113 on Linux, and 136.0.7103.113 or 136.0.7103.114 on Windows and macOS. It identified two vulnerabilities: the loader security flaw and the mojo component issue, which is the improper handling of data within Mojo, a tool used for inter-process communication in Chromium-based browsers.
Also read: OnePlus 13s India launch date set for June 5: Check expected price, specs here
If attackers gain access and are able to execute arbitrary code, it may result in unauthorised access to sensitive data, compromised system integrity, and the installation of malware or spyware.
According to reports, attackers are already exploiting the vulnerability (CVE-2025-4664). The flaw can be exploited by directing users to malicious websites or links, allowing attackers to take complete control of the user’s device, install malware, or steal data.
How to fix
CERT-In has advised all desktop Google Chrome users to update their browsers to the most recent version. The tech behemoth has also confirmed that the new version addresses these vulnerabilities.
If you’re wondering how to update the browser, simply open Google Chrome, click the three dots in the upper right corner, and select Help, then About Google Chrome. It will automatically check for and install the most recent updates. You can then restart your browser to finish the process.
Follow Us
Ashish Singh
Ashish Singh is the Chief Copy Editor at Digit. He's been wrangling tech jargon since 2020 (Times Internet, Jagran English '22). When not policing commas, he's likely fueling his gadget habit with coffee, strategising his next virtual race, or plotting a road trip to test the latest in-car tech. He speaks fluent Geek. View Full Profile
