Multiple security vulnerabilities detected in Google Chrome for Desktop could put several users at risk, according to an advisory issued by the Indian Computer Emergency Response Team (CERT-In). Google has already patched the security flaws affecting its browser application. The nodal authority for cybersecurity in the country has advised all users and organisations using Google Chrome for Desktop across three platforms to update to the latest version of the browser in order to remain protected from these security flaws.
Hackers Could Persuade Victims to Visit Malicious Websites to Gain System Access
CERT-In provides details of the security flaws affecting Google Chrome in its vulnerability note CIVN-2025-0099 that was published on May 16. It has been assigned a “high” severity rating, by the government agency. The flaws affect Google Chrome for Windows, Mac, and Linux computers older than version prior to 136.0.7103.113 (and older than 136.0.7103.114 for Windows computers).
The description for the first security flaw (CVE-2025-4664) reveals that an “insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page.” A description for the CVE-2025-4609 vulnerability reveals it was related to an “incorrect handle provided in unspecified circumstances in Mojo.”
According to CERT-In, hackers could use these flaws to gain unauthorised access to a user’s computer. In order to leverage these flaws, hackers would need to persuade users to visit a maliciously crafted website. Users running on the aforementioned versions of Chrome for Desktop would be vulnerable to hacking via these security flaws.
Google published a blog post on May 14, informing users that it had patched four security flaws affecting the browser, and credited two external researchers for discovering the security flaws in CERT-In’s advisory.
CERT-In has advised end user organisations and individuals to update to the latest stable versions of Google Chrome, which contain patches for these security flaws. Users on Linux and Mac computers should update to version 136.0.7103.113, while Windows users will need to install the latest 136.0.7103.114 update.
