Chrome versions prior to 140.0.7339.80/81 on Windows and macOS and 140.0.7339.80 on Linux are affected.
Vulnerabilities include use-after-free in V8 and flaws in toolbar, extensions, and downloads.
Risks include system compromise, data theft, and service disruption if left unpatched.
If you are Google Chrome users, you should read along. The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity security alert for Google Chrome users on desktop platforms. In its advisory, the authority warned about multiple vulnerabilities that could expose systems to remote attacks.
SurveyAs per the advisory (CIVN-2025-0204), Chrome versions released before 140.0.7339.80/81 on Windows and macOS and 140.0.7339.80 on Linux are affected. These flaws can execute arbitrary code and could allow the attackers to bypass existing security restrictions on the target system.
The vulnerabilities are caused by two primary flaws in Chrome’s V8 JavaScript engine: a “use after free” problem and incorrect toolbar, extension, and download implementations. Security experts point out that attackers could take advantage of these flaws to take over the system by tricking a victim into visiting a maliciously designed webpage.
Also read: Apple iPhone 16e price drops by over Rs 10,900: How to grab this deal
“These vulnerabilities exist in Google Chrome due to use-after-free in V8 and Inappropriate implementation in Toolbar, Extensions & Downloads. A remote attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted web page,” the advisory stated.
A successful attack could have serious consequences, including system compromise and data theft, as well as major service disruptions. The risks affect both individuals and businesses that depend on Chrome for daily tasks because of the browser’s huge desktop user base.
How to stay safe?
CERT-In strongly advises all users to apply the most recent security updates released by Google without delay. The official fix has already been pushed to the stable channel; more information can be found on Google’s Chrome releases blog.
Follow Us
Ashish Singh
Ashish Singh is the Chief Copy Editor at Digit. He's been wrangling tech jargon since 2020 (Times Internet, Jagran English '22). When not policing commas, he's likely fueling his gadget habit with coffee, strategising his next virtual race, or plotting a road trip to test the latest in-car tech. He speaks fluent Geek. View Full Profile
