Home / Technology / Tech News / CERT-In issues critical severity warning for Google Chrome on desktop users

CERT-In issues critical severity warning for Google Chrome on desktop users

India's cybersecurity agency CERT-In has issued a critical advisory for Google Chrome users on Windows, Mac, and Linux systems. Google will soon be releasing an update to fix these issues

Google Chrome (Photo: Bloomberg)

2 min read Last Updated : May 28 2026 | 3:49 PM IST

Listen to This Article

CERT-In has issued a critical-severity advisory warning for users regarding multiple vulnerabilities that have been discovered in Google Chrome for desktop. The central government agency has said that these vulnerabilities pose a high risk of remote code execution, unauthorised access to sensitive data, disruption of services, and privileged escalation.

Notably, Google has acknowledged these vulnerabilities and released a log of all issues that will be fixed with the next update, which is said to be rolled out in the coming days.

ALSO READ: YouTube will now auto-detect and label AI-generated realistic videos

Affected versions of Google Chrome

Chrome versions prior to 148.0.7778.178/179 for Windows and Mac
Chrome versions prior to 148.0.7778.178 for Linux

What kind of risks are involved

As per CERT-In’s advisory, the vulnerabilities discovered can allow a remote attacker to execute arbitrary code, bypass security restrictions, obtain sensitive information, heap-based buffer overflow or cause Denial of Service (DoS) conditions on the targeted system.

Also Read

YouTube is introducing automatic AI-generated video detection, clearer AI labels, and personalised custom feeds that let users discover content based on moods, prompts, and interests.

YouTube will now auto-detect and label AI-generated realistic videos

Google AI Overviews draws criticism after failing to spell basic words

Meta introduces paid Plus subscriptions for Instagram, Facebook, WhatsApp and more

Instagram, Facebook, WhatsApp to have paid versions; here's what you'll get

Sony BRAVIA 7 II TV with True RGB LED launched in India: Price, features

Digital afterlife: What happens to your digital assets after you die?

All end-user organisations and individuals using Google Chrome for desktop are at risk with these vulnerabilities. It can potentially result in their system getting compromised, service getting disrupted, and their sensitive information being disclosed without their consent.

ALSO READ: Google AI Overviews draws criticism after failing to spell basic words

Where are these vulnerabilities stemming from

As per CERT-In, these vulnerabilities exist in Chrome due to User-after-free in WebRTC, GPU, QUIC, XR and DOM, Out-of-bounds read in GPU, Heap buffer overflow in WebRTC and Chromecast, Type confusion in GFX, Insufficient policy enforcement in Service Worker, Insufficient validation of untrusted input in Input, and inappropriate implementation of UI.

A remote attacker could exploit them by convincing a victim to open a specially crafted web request.

What’s the solution?

CERT-In has advised users to follow Google’s resolution. The search giant has mentioned in a change log that a patch to fix these issues will be rolled out in the coming days or weeks. Users can stay up-to-date with the update, and download the forthcoming update as soon as it becomes available.