Multiple vulnerabilities in Google Chrome for desktop can expose users to remotely executed cyberattacks, according to a warning issued by the Indian Computer Emergency Response Team ( CERT-In).
In a vulnerability note earlier this week, the nodel government cybersecurity agency warned that these vulnerabilities have been spotted in Chrome for Windows, MacOS and Linux.
The CERT-In vulnerability note CIVN-2025-0099 refers to Google Chrome versions prior to 136.0.7103.113/.114 for Windows and Mac and 136.0.7103.113 for Linux. All individuals and organisations using Google Chrome for desktop via Windows, MacOS or Linux run systems are exposed to these vulnerabilities, CERT-In said.
"Multiple vulnerabilities exist in Google Chrome due to insufficient policy enforcement in Loader and Incorrect handle provided in unspecified circumstances in Mojo. A remote attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted web page," the vulnerability note read.
Mojo is a framework in that allows different processes within Chrome to communicate with each other.
A remote attacker could use these loopholes to inject and run any code they want on the target system, compromising it.
One of the vulnerabilities, dubbed CVE-2025-4664, is already being exploited in the wild, CERT-In said, urging users to urgently apply patches.
What should users do
CERT-In has asked users to immediately update to the latest versions of Google Chrome to shield against the security loopholes. The updates can be accessed through Chrome's built-in update system or the official Chrome Releases blogpost on May 14.
In a vulnerability note earlier this week, the nodel government cybersecurity agency warned that these vulnerabilities have been spotted in Chrome for Windows, MacOS and Linux.
The CERT-In vulnerability note CIVN-2025-0099 refers to Google Chrome versions prior to 136.0.7103.113/.114 for Windows and Mac and 136.0.7103.113 for Linux. All individuals and organisations using Google Chrome for desktop via Windows, MacOS or Linux run systems are exposed to these vulnerabilities, CERT-In said.
"Multiple vulnerabilities exist in Google Chrome due to insufficient policy enforcement in Loader and Incorrect handle provided in unspecified circumstances in Mojo. A remote attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted web page," the vulnerability note read.
Mojo is a framework in that allows different processes within Chrome to communicate with each other.
A remote attacker could use these loopholes to inject and run any code they want on the target system, compromising it.
One of the vulnerabilities, dubbed CVE-2025-4664, is already being exploited in the wild, CERT-In said, urging users to urgently apply patches.
What should users do
CERT-In has asked users to immediately update to the latest versions of Google Chrome to shield against the security loopholes. The updates can be accessed through Chrome's built-in update system or the official Chrome Releases blogpost on May 14.
You may also like
'I'm angry that I exist, the end goal is…': Chilling audio by Guy Edward Bartkus reveals true motive behind Palm Springs IVF clinic blast
YSRCP President Jagan Mohan Reddy condemns attack on dalit student at Tirupati
Assam: Drug worth Rs 3.16 crore recovered; CM hails Guwahati Police
India's maritime sector witnesses surge in women seafarers, 649% growth in 10 years: Union Minister Sonowal
After firing 700 employees for AI, Swedish company admits their mistake and plans to rehire humans. What went wrong?
