The Indian government issued a high-severity cybersecurity alert for Google Chrome users Tuesday. Officials urged immediate updates to prevent remote attackers from hijacking vulnerable systems.
The national cybersecurity agency, CERT-In, released the advisory following reports of a zero-day flaw. This vulnerability, tracked as CVE-2026-2441, is already being exploited in the wild, Google confirmed. The flaw impacts Chrome versions on Windows, Mac, and Linux systems.
Also Read |Â Imran Khan and Bushra Bibi Sentenced to 17 Years in Jail
The agency identified a critical memory error within the browser’s engine. Therefore, hackers can execute arbitrary code without needing physical access to a device. Vulnerable versions include those older than 145.0.7632.75 on Windows and Mac.
Meanwhile, Linux users must update to version 144.0.7559.75 to remain safe. CERT-In officials noted that the risk of system compromise is significantly high. In fact, attackers can trigger the flaw simply by luring users to a malicious website.
The vulnerability stems from a “Use-After-Free” bug in the CSS component. This part of the browser handles website layouts, colors, and font styles. A “Use-After-Free” error occurs when a program continues to access memory after it was cleared.
After the memory is freed, a hacker can fill that space with malicious data. Then, the browser mistakenly executes that data as legitimate code. Security researcher Shaheen Fazim reported the flaw to Google last week, according to technical disclosures.
Also Read |Â Imran Khan and Bushra Bibi Sentenced to 17 Years in Jail
Attackers do not need to steal passwords or install files manually. Instead, they convince a user to click a link or visit a crafted webpage. Once the page loads, the CSS bug triggers automatically.
As a result, the hacker could steal browser data or install stealthy malware. Still, the code typically runs within the Chrome “sandbox,” which limits initial damage. Yet attackers often combine this with other flaws to gain full system control.
The government calls the update “urgent” for all desktop users. Still, many users rely on automatic updates that may take days to trigger. History shows that zero-day exploits spread fastest in the first 48 hours after a patch is released.
Therefore, waiting for a background update leaves systems exposed to active threats. In fact, Google has not shared specific details about who is currently being targeted. Thus, every user should assume they are at risk until they manually relaunch the browser.
Also Read |Â Imran Khan and Bushra Bibi Sentenced to 17 Years in Jail
Mobile versions of Chrome on Android and iOS appear unaffected by this specific bug. In fact, Google’s advisory focused solely on the Stable Desktop channel. Therefore, the fix does not yet apply to the mobile ecosystem.
Still, users of Chromium-based browsers like Edge and Brave remain in a gray area. They must wait for their respective developers to port the Google security fix. Until those updates arrive, users on those platforms remain technically vulnerable to the same CSS attack.
You must manually verify your Chrome version to ensure your data is safe. First, click the three-dot menu in the top-right corner of your browser. Then, navigate to Settings and select “About Chrome.”
Finally, allow the browser to fetch the update and click “Relaunch.” The patch only takes effect after the browser completely restarts. Before doing so, save all open work to avoid losing unsynchronized data during the reboot.
Google will continue restricting full bug details until a majority of users update. Then, the company will likely release a detailed technical post-mortem of the exploit. Finally, cybersecurity agencies plan to monitor for “copycat” attacks using the same CSS method throughout February.
Also Read |Â Imran Khan and Bushra Bibi Sentenced to 17 Years in Jail
End…
