India’s warning for users of the Google Chrome browser on desktop computers is of high-severity risk. Multiple vulnerabilities that could allow an assailant to take over a user’s machine was reported by the Computer Emergency Response Team (CERT-In). CERT-In is the agency for cyber incident response and protection of the cyber space of the country. The advisory was published on March 30, 2026, and is of record CIVN-2026-0167.
key Takeaways:
- The Indian government classifies these security vulnerabilities with Chrome as high severity.
- The bugs in question can allow an attacker to execute remote data theft or remote data theft.
- The vulnerabilities affect Chrome versions prior to 146.0.7680.164 on Windows, Mac, and Linux.
- The vulnerabilities are in components of the browser’s WebAudio, WebGL, and WebGPU.
- To safeguard against further risk, users are advised to immediately update their Chrome browser.
Flaws in security affect users across Windows, macOS, and Linux; if you are using older versions than 146.0.7680.164 or 146.0.7680.165 on Windows and Mac, you are at risk. Linux users are at risk if using anything older than 146.0.7680.164. If you haven’t updated your browser in a long time, then there are high chances that personal files and passwords will be compromised, even if you have not given an attacker direct access.
No physical access to your computer is required, and hackers will employ a social engineering tactic where they will convince someone to go to a specially crafted target website. Once an attacker has control of a target browser, they can use bugs in that browser to execute a number of malicious operations that the users did not intend to execute, including crashing the users’ system or inadvertently sending sensitive personal files to an attacker.
From a government source, the technical problems consisted of use after free and heap buffer overflow, both occurring in the audio and graphics rendering components of a browser. While the names are more technical, the user is left with a memory management void, an area that hackers can use to take control of the user’s system.
Because there are already patches for these bugs, the first event that is meant to be a protective measure is to ensure that there are no updates that have been missed. Open the Chrome browser, and in the top right corner, there are 3 dots for options; in here, there is a menu option for Help, and then an option for About; this will initiate a versions check and update if there are any available, if not, it will be done.
Cybersecurity specialists advise users to ensure that their software is consistently updated. Most cyber attacks focus on older versions of programs due to the presence of well-known vulnerabilities. Thus, remaining on the most current version is an easy method of safeguarding one’s digital life.
FAQ
Q1: How can I check if Chrome is updated?
A1: You can check if Chrome is updated by clicking the three dots on the top right corner of the screen. After that go to the Help section and select the option that says About Google Chrome. This section will display your current version and tell you if Chrome is updated or not.
Q2: Should I be concerned about the Chrome app on my phone?
A2: The current government advisory specifies the desktop version of Chrome for Windows, macOS, and Linux. It is good practice to update the apps on your phone, but this warning is meant for users on their computers.
Q3: What does it mean to have a high severity rating?
A3: A high severity rating means the flaw can be exploited by hackers and can lead to dire consequences such as identity theft or giving remote access to your computer.
Q4: Will I have to pay for the update?
A4: You will not have to pay as Google does not charge for the update. If you get a pop up asking you to pay to update the browser, that is a scam.
