Govt issues high risk warning for Google Chrome users and you should not miss it

The Indian Computer Emergency Response Team (CERT-In) has issued a high-risk warning for Google Chrome desktop users. In its latest vulnerability note tagged CIVN-2025-0130, the national cybersecurity agency under the Ministry of Electronics and Information Technology has flagged multiple vulnerabilities in Chrome. These flaws, if exploited, could allow remote hackers to gain access to users' computers and even crash the machines.advertisementAccording to CERT-In, the recently discovered vulnerabilities exist in Google Chrome versions prior to 137.0.7151.119/.120 for Windows and Mac, and prior to 137.0.7151.119 for Linux. These flaws arise from an integer overflow in Chrome's V8 JavaScript engine and use-after-free errors in the Profiler component.This means that users still running the vulnerable version of the Google Chrome browser could, by unknowingly visiting a malicious or specially crafted web page, allow a remote attacker to exploit these flaws to run harmful code on their system or cause it to crash. This exploitation could also result in serious harm, including sensitive data theft, complete system compromise, or service disruption — all without the user's knowledge.
CERT-In has marked the warning as High in severity, meaning these vulnerabilities in Google's web browser are particularly serious and could have major consequences if exploited. The risks include:advertisementRemote code execution: Attackers could gain control of the user's system.Denial of Service (DoS): PCs may become unresponsive or crash completely.Information disclosure: Users' sensitive data on the affected machine could be accessed or leaked.The threat is alarming to both individual users and organisations relying on Chrome for daily operations. All desktop users of Google Chrome — whether on Windows, macOS, or Linux as mentioned above — are at risk if they are using outdated versions.How to stay safe?To protect your system, CERT-In strongly recommends that users immediately update their Chrome browser to the latest stable version provided by Google. The official update has already been released. 'The Stable channel has been updated to 137.0.7151.119/.120 for Windows and Mac, and 137.0.7151.119 for Linux, which will roll out over the coming days/weeks,' notes Google in its recent Stable Channel Update for Desktop.If your system is not set to auto-update, you can manually check and update Chrome:Open the Google Chrome browser.Click the three-dot menu () in the top right corner.Go to Help > About Google Chrome.Chrome will automatically check for updates and install them if available.Restart the browser to apply changes.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Deccan Herald

2 hours ago

• Deccan Herald

Samsung to launch Galaxy M36 5G next week in India

Thanks to deeper collaboration with Google and Samsung, the Galaxy M36 will support advanced versions of Gemini AI features. It will be priced under Rs 20,000 in India.

First Post

2 hours ago

• First Post

16 billion passwords compromised, says report; have you changed yours?

A massive breach has exposed over 16 billion usernames and passwords from platforms like Google, Apple, Facebook, and more. The leak raises serious cybersecurity concerns, prompting urgent calls for stronger passwords, two-factor authentication, and regular dark web exposure checks. read more A staggering 16 billion usernames and passwords have been exposed in what experts are calling the largest-ever database of stolen credentials. The trove of compromised data includes login details from major platforms such as Apple, Google, Facebook, Telegram, GitHub and even government services, raising alarms over the global state of digital security. Cybersecurity researchers say the breach stems from a collection of 30 massive datasets, each holding tens of millions to over 3.5 billion records. The information, mostly acquired through infostealing malware, appears to be freshly leaked, with nearly all of the datasets previously unreported except for one earlier disclosure of 184 million passwords by researcher Jeremiah Fowler, according to a new investigation by Cybernews. STORY CONTINUES BELOW THIS AD 'Most of these credentials are structured as URLs followed by usernames and passwords, and they cover virtually every type of online service imaginable,' said Vilius Petkauskas, a Cybernews analyst who has been investigating the leak since the beginning of the year. The scale of this breach surpasses previous incidents, including last year's so-called 'Mother of All Breaches' which exposed 26 billion records. While it's unclear whether some of the leaked data might have been repackaged from earlier incidents, researchers insist that this leak is largely new. Lawrence Pingree, vice president at cybersecurity firm Dispersive, explained that such datasets are often circulated and resold on the dark web—sometimes bundled with other leaks, sometimes offered piecemeal. 'Whether it's a repackaged leak or not, 16 billion records is a huge number,' Pingree said. 'This kind of data is valuable precisely because it is so often misused.' The breach underscores how widespread the threat of credential theft has become, with attackers targeting social media platforms, corporate portals, developer tools, and VPN services alike. In response, experts urge users to adopt better security hygiene. Basic protections include running antivirus scans to detect infostealers, checking dark web exposure via tools like Google One's 'Dark Web Report,' and crucially, using strong and unique passwords for every service.

Mint

2 hours ago

• Mint

Alphabet's Google tries to appease EU with changes to search result rankings: Report

Alphabet's Google has reportedly put forward additional concessions to address concerns raised by European Union regulators, aiming to avoid a significant antitrust fine under the bloc's new digital competition rules. According to documents reviewed byReuters, the U.S. tech giant is attempting to appease the European Commission by adjusting how rival services are displayed in its search results. The move comes in response to formal charges filed three months ago, accusing Google of favouring its own platforms, such as Google Shopping, Hotels, and Flights at the expense of competitors, in violation of the Digital Markets Act (DMA). You may be interested in The DMA, which came into force earlier this year, outlines strict obligations for so-called 'gatekeeper' platforms to curb anti-competitive behaviour and offer consumers broader choices. Under Google's revised proposal, a selected vertical search service (VSS), chosen based on objective and non-discriminatory criteria would be prominently featured in its own dedicated box at the top of the results page. This box would mirror the design and features of Google's own modules and contain three direct links to offerings in categories like hotels, restaurants, transport, and airlines. Other VSS providers would still be listed further down in the search results, but would not benefit from a similarly prominent display unless users click to access them. Despite the proposal, the company has maintained that it disagrees with the Commission's preliminary conclusions. 'We do not agree with the (Commission's) preliminary findings' position but, on a without prejudice basis, we want to find a workable solution to resolve the present proceedings,' the documents noted. The European Commission has scheduled a meeting on 8 July to gather feedback from competing firms. Several of Google's rivals, who declined to be named ahead of the discussion, expressed scepticism over the effectiveness of the proposed changes. They argue that the measures still fall short of delivering a genuinely level playing field. The outcome of these negotiations could set a crucial precedent for how Big Tech operates under the EU's ambitious digital regulatory framework. (With inputs from Reuters)