The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity warning for Google Chrome users. The government agency has found a serious remote code execution vulnerability that could allow attackers to take control of affected systems.
The flaw affects Google Chrome versions 141.0.7390.122/.123 and earlier on Windows and macOS, and version 141.0.7390.122 and earlier on Linux. This issue could let a remote attacker run arbitrary code on a user’s computer, leading to a complete system compromise or service disruption.
According to CERT-In, the problem exists due to an inappropriate implementation in Chrome’s V8 engine, which handles JavaScript execution. A remote attacker could exploit this flaw by sending specially crafted web requests. This could make the browser behave unexpectedly and execute harmful code without the user’s knowledge.
If exploited successfully, attackers could gain the same level of access as the logged-in user. This means they could steal sensitive data, install malware, or disrupt normal system operations.
Google has already released a patch to fix this issue. The company rolled out the security update on October 21, 2025, as part of its Stable Channel Update for Desktop. The updated Chrome versions are 141.0.7390.122/.123 for Windows and macOS, and 141.0.7390.122 for Linux. The update is being released gradually and will reach all users in the coming days.
I strongly advise all Chrome users to update their browsers immediately. Updating to the latest version will protect against potential attacks that exploit this vulnerability. Users can manually check for updates by going to Help > About Google Chrome in the browser menu.
