NCERT Warns of Critical Google Chrome Security Flaw

The National Computer Emergency Response Team has issued a security advisory warning of a critical zero-day vulnerability in Google Chrome that is being actively exploited and could allow attackers to take control of users’ systems.

According to National CERT, the flaw affects all desktop versions of Google Chrome, including Windows, macOS and Linux. The vulnerability can be exploited simply by visiting a malicious or compromised website, without any further user action.

The advisory said the vulnerability allows remote code execution and may enable attackers to bypass Chrome’s built-in security protections. This could lead to full system compromise, data theft and unauthorized access to sensitive information.

National CERT warned that successful attacks could result in the execution of malicious code, theft of stored browser data and credentials, installation of malware and changes to system settings.

Indicators of possible compromise include unusual Chrome background processes, sudden increases in CPU or memory usage, unexpected network traffic after browsing, and the appearance of unknown or suspicious files on the system.

The advisory noted that the issue affects Chrome versions released before the December 2025 stable update. Chromium-based browsers such as Microsoft Edge, Brave and Opera may also be affected if they are running vulnerable versions.

The vulnerability has been rated critical with a CVSS score of 9.8, indicating a high risk to unpatched systems.

National CERT has strongly advised users and organisations to immediately update Google Chrome to the latest December 2025 stable version and restart the browser to apply the fix.

Organisations have also been urged to roll out updates across all systems without delay, monitor browser and network activity closely, limit unnecessary browser extensions and strengthen endpoint and network security measures to reduce the risk of ongoing attacks.