Millions of internet users in India are being urged to update their browsers following a “High Severity” alert from the Indian Computer Emergency Response Team (CERT-In). The government agency, operating under the Ministry of Electronics and Information Technology, identified critical vulnerabilities in the desktop version of Google Chrome that could allow cybercriminals to take control of a victim’s system remotely.
The advisory, dated February 20, 2026, highlights that these weaknesses are not just theoretical but reside in core components of the browser used for rendering PDFs and processing JavaScript.
Also Read | Imran Khan and Bushra Bibi Sentenced to 17 Years in Jail
Technical Breakdown: PDFium and V8 Flaws
The vulnerabilities exist in several foundational parts of the Chrome architecture:
PDFium & Media: “Heap buffer overflow” issues allow attackers to write more data to a memory buffer than it can hold, leading to memory corruption or malicious code execution.
V8 Engine: An “Integer overflow” in Chrome’s JavaScript engine (V8) can be exploited to bypass standard security sandboxes.
Exploitation Method: A remote attacker doesn’t need physical access. By luring a user to a “specially crafted” malicious webpage, the attacker can trigger these flaws automatically during the page’s rendering process.
Affected Versions: Check Your Browser
If you haven’t updated your browser in the last few days, you are likely at risk. The threat applies to:
Windows & macOS: Versions prior to 145.0.7632.109/110.
Linux: Versions prior to 144.0.7559.109.
Also Read | Imran Khan and Bushra Bibi Sentenced to 17 Years in Jail
How to Patch: The 60-Second Security Fix
Google has already released a stable channel update to address these specific CVEs. To protect yourself:
Open Google Chrome.
Click the three vertical dots in the top-right corner.
Hover over Help and select About Google Chrome.
The browser will automatically check for updates.
Once downloaded, click Relaunch to apply the security patches.
Reality Check
Frequent security alerts for Chrome can feel like “crying wolf.” Still, the inclusion of PDFium and V8 in this specific alert is significant, as these are the most common entry points for sophisticated “zero-click” attacks. Therefore, while most users won’t be targeted, the sheer scale of Chrome’s user base in India makes it a high-reward environment for hackers. In fact, ignoring this update is effectively leaving your digital front door unlocked.
The Loopholes
The alert mentions that users are safe once they update. In fact, many Chromium-based browsers (like Microsoft Edge, Brave, and Vivaldi) share the same underlying engine. Therefore, the “loophole” is that an update to Chrome doesn’t protect you if you use Edge for work and haven’t updated that separately. Still, the “Automatic Update” loophole—where Chrome updates in the background—only works if you actually close and restart your browser. If you keep your laptop on “Sleep” for weeks with 50 tabs open, the patch is never actually applied.
Also Read | Imran Khan and Bushra Bibi Sentenced to 17 Years in Jail
What This Means for You
If you are a business owner or IT administrator, this is the time to force a browser restart policy across all managed devices. First, verify the version numbers on your most critical systems. Then, if you are a personal user who frequently opens PDFs from unknown email senders, realize that your built-in PDF viewer is the specific component currently under threat.
Finally, understand that Remote Code Execution (RCE) is the “Holy Grail” for hackers, as it allows them to install spyware or ransomware without you knowing. You should consider using a secondary, hardened browser for high-risk activities like banking until you are certain your primary browser is patched. Before you continue browsing today, take exactly one minute to check that “About Chrome” page.
What’s Next
Google is expected to roll out more frequent, smaller security “milestones” throughout 2026 to stay ahead of V8 exploits. Then, look for CERT-In to issue a secondary advisory regarding Chromium-based mobile browsers if similar overflows are discovered in Android/iOS builds. Finally, on March 1, expect a wider report on the “exploit-in-the-wild” status of these specific vulnerabilities as more researchers analyze the patch.
Also Read | Imran Khan and Bushra Bibi Sentenced to 17 Years in Jail
End….
