India's cybersecurity watchdog, CERT-In, has warned about two vulnerabilities in the popular Google Chrome browser that hackers can exploit. These new warnings are for Chrome users mostly across Mac, PC and laptop platforms and not that much for smartphone users. These vulnerabilities can allow attackers to compromise user data and devices, highlighting the importance of updating to the latest version of the browser. CERT-In has asked users to immediately apply the necessary security patches and update their Chrome browser to mitigate these risks.
Google Chrome security flaws: What are they
According to CERT-In’s website, Google Chrome is currently facing two major vulnerabilities — CIVN-2025-0007 and CIVN-2025-0008 — which have a severity rating of critical and high, respectively.
The first vulnerability affects Google Chrome versions before 132.0.6834.83/8r (in Windows/ Mac) while the other one targets Google Chrome versions before 132.0.6834.110/111 for Windows and Macs as well as versions before 132.0.6834.110 for Linux.
How these security flaws can affect users
CIVN-2025-0007 includes multiple vulnerabilities that have been reported in Google Chrome which could allow a remote attacker to execute arbitrary code, cause Denial of service conditions, disclose sensitive information, and bypass security restrictions on the targeted system. These security flaws are targeted towards all end-user organisations and individuals using Google Chrome for desktops. Hackers can use these vulnerabilities to potentially disclose sensitive information, cause system instability and data exfiltration.
CERT-In claimed that these vulnerabilities exist in Google Chrome due to out-of-bounds memory access in V8, inappropriate implementation in navigation, fullscreen, fenced frames, payments, extensions and compositing, an integer overflow in Skia, out-of-bounds read in metrics, stack buffer overflow in Tracing, Race in Frames and Insufficient data validation in Extensions.
A remote attacker can exploit these vulnerabilities by sending a specially crafted request to the targeted system. Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code, cause Denial of Service (DoS) conditions, disclose sensitive information, and bypass security restrictions on the targeted systems.
Meanwhile, CIVN-2025-0008 also includes multiple vulnerabilities which could also allow a remote attacker to execute arbitrary code or cause denial of service (DoS) conditions on the targeted system.
These security flaws are also targeted towards all end-user organisations and individuals using Google Chrome for Desktop. Hackers can also use these vulnerabilities to disclose sensitive information or cause system instability.
CERT-In also noted that these vulnerabilities exist in Google Chrome due to object corruption in V8 and out-of-bounds memory access in V8. A remote attacker could exploit these vulnerabilities by executing a specially crafted webpage to conduct remote code execution or cause a denial of service (DoS) condition on the targeted systems.
AI Masterclass for Students. Upskill Young Ones Today!– Join Now
The TOI Tech Desk is a dedicated team of journalists committed to...
Read MoreThe TOI Tech Desk is a dedicated team of journalists committed to delivering the latest and most relevant news from the world of technology to readers of The Times of India. TOI Tech Desk’s news coverage spans a wide spectrum across gadget launches, gadget reviews, trends, in-depth analysis, exclusive reports and breaking stories that impact technology and the digital universe. Be it how-tos or the latest happenings in AI, cybersecurity, personal gadgets, platforms like WhatsApp, Instagram, Facebook and more; TOI Tech Desk brings the news with accuracy and authenticity.
Read Less