Google Chrome Security Alert: Update Now to Fix Critical Flaws

The Indian Computer Emergency Response Team (CERT-In), India's national cybersecurity agency, has issued a significant security alert for Google Chrome desktop users, warning about multiple severe vulnerabilities that pose a substantial risk to personal data and system integrity. The advisory, referenced as CIVN-2026-0235 by Times Now, specifically targets Chrome versions older than 148.0.7778.96 on Linux and 148.0.7778.96/97 on Windows and macOS. Google recently rolled out Chrome version 148 to its stable channel across Windows, Mac, and Linux, addressing a staggering 127 security vulnerabilities. This extensive update includes fixes for three critical-severity flaws, over two dozen high-severity issues, and numerous medium and low-severity vulnerabilities. Among the most dangerous are an integer overflow (CVE-2026-7896) in Chrome's Blink rendering engine and two 'use-after-free' vulnerabilities (CVE-2026-7897 and CVE-2026-7898) affecting Chrome's Mobile component and Chromoting (Chrome Remote Desktop). These types of memory corruption issues are particularly perilous as they can enable attackers to execute arbitrary code by manipulating freed memory regions, often through specially crafted web content or remote interactions. Another high-severity flaw, CVE-2026-7899, an out-of-bounds read/write vulnerability in V8, also posed a significant exploitation potential. According to CERT-In and corroborated by other cybersecurity experts, successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code, obtain sensitive information, bypass security restrictions, or cause denial-of-service (DoS) conditions on the targeted system. The advisory highlights that these flaws could be triggered simply by tricking users into visiting a specially crafted malicious website or clicking on a harmful link. Once exploited, hackers could potentially gain control over parts of the browser, access sensitive personal data, bypass built-in security protections, or even crash the device. While Times Now reported CERT-In rating the immediate issue as 'medium severity', it also noted that 'the actual risk is much higher,' a sentiment that aligns with the presence of critical vulnerabilities identified by Google and other security firms. The broader context reveals a recurring pattern of critical Chrome vulnerabilities. In 2024, for instance, Google patched seven zero-day vulnerabilities in Chrome that were actively exploited in the wild, including CVE-2024-4947, which was used by an APT threat actor (Lazarus) to infect endpoints with malware. Further zero-day exploits have been patched in early 2026, such as CVE-2026-2441 (use-after-free in CSS) and CVE-2026-3909 (out-of-bounds write in Skia), underscoring the continuous threat landscape faced by browser users. Given the severity and potential impact of these vulnerabilities, CERT-In has strongly urged all individuals and organizations using Google Chrome to update their browsers to the latest stable version immediately. Updating ensures that all recently issued security patches are applied, significantly reducing the attack surface for cyber threats. Users can typically update Chrome by navigating to the 'Help' section and then 'About Google Chrome' in the browser's settings, which will automatically check for and install available updates. A restart of the browser is essential for the updates to take full effect. The continuous stream of sophisticated vulnerabilities, including those exploited as zero-days, highlights the critical importance of keeping software, especially widely used browsers like Chrome, perpetually updated to protect against evolving cyber threats.

Frequently Asked Questions

Read Full Story on Quick Digest