CERT-In Warns of Critical Google Chrome Vulnerabilities
India’s cybersecurity watchdog, CERT-In, operating under the Ministry of Electronics and Information Technology, has identified two serious vulnerabilities in the Google Chrome browser. These flaws pose a risk of allowing attackers to compromise user data and devices, emphasizing the need for users to update to the latest browser version, according to a report.
Urgent Update Advisory:
CERT-In has urged users on Mac, PC, and laptop platforms to apply security patches and update their Chrome browsers immediately. Smartphone users, however, are less impacted by these vulnerabilities.
Details of Vulnerabilities:
The vulnerabilities, labeled CIVN-2025-0007 and CIVN-2025-0008, are rated critical and high, respectively.
- CIVN-2025-0007: Affects Chrome versions earlier than 132.0.6834.83/8r on Windows and Mac.
- CIVN-2025-0008: Affects Chrome versions earlier than 132.0.6834.110/111 on Windows and Mac, and versions earlier than 132.0.6834.110 on Linux.
Technical Causes:
CERT-In attributed these vulnerabilities to various issues, including:
- Out-of-bounds memory access in V8
- Improper implementation in navigation, fullscreen, fenced frames, payments, and extensions
- Integer overflow in Skia
- Out-of-bounds read in metrics
- Stack buffer overflow in Tracing
- Race conditions in frames
- Insufficient data validation in extensions
Action Required:
To protect user data and devices, CERT-In has recommended that users apply the necessary updates and security patches immediately to mitigate these risks.
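To check a fleet against the CIVN-2025-0008 thresholds listed above, the following added example (not part of the CERT-In advisory or the original article) compares version strings numerically, since plain string comparison ranks 132.0.6834.83 above 132.0.6834.110. The function names, the inventory rows and the use of .110 as the floor for the Windows/Mac "110/111" pair are assumptions.

```python
# Added example: flag Chrome builds older than the CIVN-2025-0008 threshold.
# Thresholds are the ones quoted in the article; using .110 as the floor for
# the Windows/Mac "110/111" pair is an assumption of this example.
FIXED = {
    "windows": "132.0.6834.110",
    "mac": "132.0.6834.110",
    "linux": "132.0.6834.110",
}


def parse_version(text):
    """Turn 'MAJOR.MINOR.BUILD.PATCH' into a tuple of ints for comparison."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version {text!r}")
    return tuple(int(p) for p in parts)


def needs_update(platform, version):
    """True when the build is earlier than the threshold for that platform."""
    floor = FIXED.get(platform.lower())
    if floor is None:
        raise ValueError(f"no threshold for platform {platform!r}")
    return parse_version(version) < parse_version(floor)


def audit(inventory):
    """Return (host, status) pairs; unparsable rows are flagged for review."""
    report = []
    for host, platform, version in inventory:
        try:
            status = "UPDATE" if needs_update(platform, version) else "ok"
        except ValueError as exc:
            status = f"CHECK ({exc})"
        report.append((host, status))
    return report


# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = [
    ("ws-01", "Windows", "132.0.6834.83"),
    ("mb-02", "Mac", "132.0.6834.111"),
    ("lx-03", "Linux", "132.0.6834.110"),
    ("ws-04", "Windows", "131.0.6778.265"),
    ("kiosk-05", "Windows", "unknown"),
]

if __name__ == "__main__":
    for host, status in audit(INVENTORY):
        print(f"{host:10} {status}")
```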