India’s Computer Emergency Response Team (CERT-In) has issued a high-risk alert to Google Chrome users, warning that outdated versions of the browser leave personal and sensitive data vulnerable to cyberattacks.
The flaws in older versions allow criminals to take full control of devices. CERT-In also warns that these flaws are being actively exploited by cybercriminals.
Critical flaws actively exploited
In advisory CIVN-2026-0141, CERT-In flagged two severe vulnerabilities—CVE-2026-3909 and CVE-2026-3910—in Chrome versions older than 146.0.7680.80 across Windows, macOS, and Linux. The flaws, present in the Skia graphics library and V8 JavaScript engine, can let remote attackers execute arbitrary code if users visit a malicious website. Once exploited, attackers can steal data, take full control of devices, or disrupt services. These issues are already being used in real-world attacks.
How to stay safe?
CERT-In urges immediate action. Follow these simple steps:
1. Open Chrome, go to Settings > About Chrome, and update to version 146.0.7680.80 or newer. Enable automatic updates for instant protection.
2. Never click suspicious links from emails, messages, or pop-ups.
3. Install reliable antivirus or endpoint protection software.
4. Avoid downloading files from untrusted websites.
5. Keep all apps and devices updated regularly.
The government body stressed that updating Chrome is the most effective defence. Users and enterprises are advised to act now to prevent data breaches. Staying vigilant and patched is the best shield against rising cyber threats.
