CERT-In issues a warning for Google Chrome on desktop users: Know why

A new CERT-In advisory warns Chrome users on Windows, Mac, and Linux of a flaw that allows remote hackers to run malicious code

The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity warning for people who use Google Chrome on desktops. CERT-In, in an advisory, warned users regarding a vulnerability in Chrome that can allow a remote user to execute arbitrary code on systems. CERT-In has issued a ‘High’ severity warning for this vulnerability.

Who is affected by this?

• Users running Google Chrome versions prior to 139.0.7258.138/.139 for Windows and Mac.
• Users running Google Chrome versions prior to 139.0.7258.138 for Linux.

What’s the alert about?

In simpler words, CERT-In’s advisory means that a hacker sitting remotely could trick Chrome into running harmful commands on your system. This means that if you visit a malicious website or open a crafted link, the attacker could gain control over parts of your computer, install malware, steal data, or crash your system.

 

 

This not only poses a risk for disruption in services but also brings the risk of your entire system getting compromised, where a hacker can exploit it to extract the information that they need.

How to protect yourself from this?

According to the advisory from CERT-In, there is only one possible way to keep protected against this vulnerability. CERT-In has asked affected users to install the latest Google Chrome update, as provided by the US technology giant.

In related news, earlier in July, CERT-In issued a high-severity advisory warning users of multiple vulnerabilities across Microsoft Windows, Office, Azure, SQL Server, and other products. The flaws could have let attackers gain elevated privileges, steal sensitive data, execute remote code, or bypass security protections, potentially leading to spoofing, system tampering, or denial-of-service attacks. CERT-In urged both individuals and enterprises to apply Microsoft’s latest security patches immediately, noting that while no active exploitation was reported, the risks remained significant if systems were left unpatched.