The Indian Computer Emergency Response Team has issued a high-severity security advisory concerning a critical vulnerability in Google Chrome that could lead to remote code execution on desktop systems using Windows, macOS, and Linux. This flaw, identified as CVE-2025-12036, affects Chrome versions earlier than 141.0.7390.122/.123 on Windows and macOS, and earlier than 141.0.7390.122 on Linux.
The vulnerability stems from a weakness in Chrome’s V8 JavaScript engine, which can be exploited if a user visits a specially crafted website or clicks on a malicious link. This could allow attackers to execute arbitrary code, potentially leading to malware deployment, data theft, or full system compromise. The flaw is related to how the V8 engine handles memory, relying on complex optimizations that can be manipulated by attackers through carefully crafted JavaScript.
Users are strongly advised to update their Chrome browsers immediately. By navigating to Help → About Google Chrome, users can trigger any pending updates, and a browser restart will apply the necessary fixes. It is crucial to ensure that the browser version is updated to 141.0.7390.122 or newer to mitigate the risk.
