India’s cybersecurity watchdog, the Indian Computer Emergency Response Team (CERT-In), has issued a high-severity alert for Google Chrome desktop users, flagging multiple security vulnerabilities that could leave systems exposed to remote attacks.
Join our WhatsApp Channel to Stay Updated!
Published today (February 20, 2026) under advisory CIVN-2026-0096, the warning highlights flaws that could allow attackers to execute malicious code simply by luring users to a compromised webpage. CERT-In cautions that outdated Chrome versions are particularly at risk, potentially enabling hackers to take control of affected devices.
Users of Windows and macOS with Chrome versions earlier than 145.0.7632.109/110 are at risk, as are Linux users with versions prior to 144.0.7559.109. In essence, this issue is not confined to tech experts or corporate settings. Anyone using Chrome on a desktop or laptop for web browsing could be vulnerable if they haven't updated their browser. This includes students, office workers, freelancers, and organizations that depend on Chrome for daily tasks.
What Went Wrong
Security analysts say Chrome’s internal flaws including heap buffer overflows in PDF and media handling, and an integer overflow in the V8 engine, could let attackers run malicious code simply by visiting a compromised webpage, without any downloads or suspicious files.
Cybersecurity specialists regard these vulnerabilities as some of the most perilous types of software defects due to their ability to allow remote code execution. These problems are officially identified as CVE-2026-2648, CVE-2026-2649, and CVE-2026-2650.
Google has issued patches via its most recent Chrome stable update, successfully addressing the security vulnerability. CERT-In recommends that users do not depend solely on automatic updates. By manually verifying updates in Chrome's settings and restarting the browser, users can ensure the fix is implemented right away.
