The national cyber-security agency, CERT-In, has issued a high-severity alert for users of the popular web browsers Google Chrome and Mozilla Firefox, warning that outdated versions of these applications could allow hackers to gain full control of users’ devices. The advisory urges all desktop users—especially those on Windows, macOS and Linux—to update immediately to the latest stable releases.

Details of the Vulnerability

CERT-In reports that certain browser versions contain “use-after-free” and heap-buffer-overflow vulnerabilities in modules such as WebGPU, video processing and tab storage. If exploited, attackers could craft malicious web pages or links able to trigger arbitrary code execution—giving them potential access to users’ data, system privileges or even control of the device. Some of the identified versions at risk include Chrome builds earlier than 141.0.7390.107/108 on Windows and macOS, and 141.0.7390.107 on Linux; similarly, Firefox versions older than 143.0.3 are considered vulnerable.

Why This Matters

• Wide usage: Chrome and Firefox together power the bulk of desktop browsing in India, making any exploit widely impactful.
• High stakes: With increasing dependence on web-based banking, work from home and digital services, a browser compromise can lead to data theft, ransomware or device hijack.
• Minimal warning: Unlike app-based breaches, browser vulnerabilities often offer little visible sign of compromise, meaning users may remain unaware until damage is done.

Immediate Steps for Users

Cyber-security specialists recommend the following actions without delay:

1. Update browser and extensions: Go to Settings → About → Check for Updates in Chrome or Firefox and apply the latest patch.
2. Enable auto-updates: Turn on automatic updates to ensure future vulnerabilities are patched promptly.
3. Check version number: Confirm you are running the version number listed as safe by your browser’s update page.
4. Avoid suspicious links and sites: Do not click on unexpected links or install add-ons from unknown publishers.
5. Use additional safeguards: Enable multi-factor authentication for online accounts and consider using reliable antivirus or endpoint protection software.

Broader Implications for India’s Digital Ecosystem

With India accelerating its digital transformation—from e-commerce to e-governance—browser security has become critical infrastructure. The alert from CERT-In underscores that even widely-used, mainstream software can become a vector for sophisticated cyber-attacks. Organisations, public-sector units and users alike must adopt continuous monitoring, patch management and cyber-hygiene practices. India’s regulatory and corporate sectors may also need to review compliance norms around software-update policy and incident-response readiness.