India Issues High Security Alert: Chrome and Firefox Users Must Update Now (October 2025)


India’s CERT-In Browser Alert: What You Need to Know

On October 21, 2025, the Computer Emergency Response Team of India (CERT-In) issued a high-severity warning for millions of Google Chrome and Mozilla Firefox users. Critical flaws in both browsers, impacting Windows, macOS, Linux, and Android, could allow remote attackers to steal data, execute malicious code, or crash systems entirely. Users must update immediately.

Short Answer: India’s cybersecurity agency has identified heap buffer overflows, memory corruption bugs, and improper cookie isolation in Chrome and Firefox. Update Chrome to 141.0.7390.65/.66 and Firefox to 144 or higher to block exploits.

What Happened? Details of the CERT-In Advisory

CERT-In’s advisory follows the discovery of multiple dangerous vulnerabilities:

  • Heap buffer overflow in Chrome’s WebGPU and Video components
  • Integer overflow in Firefox’s Canvas2D graphics system
  • Just-In-Time (JIT) miscompilation in Firefox’s JavaScript engine
  • Improper cookie storage isolation across both browsers

An attacker who convinces a user to visit a malicious page could trigger these flaws, leading to remote code execution or data disclosure. Over 140,000 browser-based attacks targeted outdated versions in India over the past year, underscoring the urgency.

Affected Versions & Platforms

| Browser | Affected Versions | Fixed In |
|---|---|---|
| Chrome | < 141.0.7390.54 (Linux), < 141.0.7390.54/55 (Win/Mac) | 141.0.7390.65/.66 |
| Firefox | < 144 | 144 |
| Firefox ESR | < 115.29, < 140.4 | 115.29, 140.4 |
| Thunderbird | < 140.4 | 140.4 |

How to check your version:

  1. Chrome: Menu → Help → About Google Chrome
  2. Firefox/Thunderbird: Menu → Help → About Firefox (or Thunderbird)
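
For checking many machines at once, the following Python script (an added example, not part of the CERT-In advisory or the original article) compares collected version strings against the "Fixed In" column of the table above. It assumes the strings look like the output of `google-chrome --version`, `firefox --version` or `thunderbird --version`; the host names and inventory lines are constructed sample data.

```python
import re

# Minimum patched versions from the "Fixed In" column of the table above.
FIXED = {"chrome": (141, 0, 7390, 65), "firefox": (144,), "thunderbird": (140, 4)}
# Firefox ESR is fixed per branch; using the 140.4 floor for any other
# ESR branch is an assumption of this example.
ESR_FIXED = {115: (115, 29), 140: (140, 4)}
VERSION_RE = re.compile(r"(chrome|firefox|thunderbird)\D*?(\d+(?:\.\d+)*)(esr)?", re.I)

def parse(line):
    """Return (product, version tuple) from a --version line, or None."""
    m = VERSION_RE.search(line)
    if not m:
        return None
    product = m.group(1).lower()
    if product == "firefox" and m.group(3):
        product = "firefox-esr"
    return product, tuple(int(p) for p in m.group(2).split("."))

def is_patched(product, version):
    """True if version is at or above the fixed release for product."""
    if product == "firefox-esr":
        floor = ESR_FIXED.get(version[0], ESR_FIXED[140])
    else:
        floor = FIXED[product]
    width = max(len(version), len(floor))
    pad = lambda v: v + (0,) * (width - len(v))  # compare 144 and 144.0 as equal
    return pad(version) >= pad(floor)

def audit(inventory):
    """Return (host, line, reason) for every entry that needs attention."""
    findings = []
    for host, line in inventory:
        parsed = parse(line)
        if parsed is None:
            findings.append((host, line, "unrecognised"))
        elif not is_patched(*parsed):
            findings.append((host, line, "outdated"))
    return findings

# Constructed sample inventory (host names and versions are illustrative).
SAMPLE_INVENTORY = [
    ("ws-01", "Google Chrome 141.0.7390.54"), ("ws-02", "Google Chrome 141.0.7390.66"),
    ("ws-03", "Mozilla Firefox 143.0.4"), ("ws-04", "Mozilla Firefox 140.4.0esr"),
    ("ws-05", "Mozilla Firefox 115.28.0esr"), ("ws-06", "Mozilla Thunderbird 140.3.1"),
]

if __name__ == "__main__":
    for host, line, reason in audit(SAMPLE_INVENTORY):
        print(f"{host}: {line} -> {reason}")
```
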

Why These Flaws Matter

  • Remote Code Execution (RCE): Attackers can run arbitrary code to install malware, steal files, or deploy ransomware.
  • Data Theft: Session cookies or stored credentials may be exposed, leading to account hijacking.
  • System Instability: Heap overflows can crash the browser or entire system.

In real-world tests, delayed updates allowed phishing payloads to leverage the Chrome WebGPU overflow within hours of advisory publication.

Step-by-Step Update Guide

Google Chrome

  1. Open Chrome.
  2. Click the three-dot menu (⋮) → Help → About Google Chrome.
  3. Chrome will auto-download version 141.0.7390.65/.66.
  4. Click Relaunch to install.

Mozilla Firefox

  1. Open Firefox.
  2. Click the hamburger menu (☰) → Help → About Firefox.
  3. Firefox will auto-update to 144.
  4. Restart Firefox to complete the patch.

For Android, visit the Play Store or system updates and ensure you have the latest build.

What Happens If You Don’t Update?

  • Data Theft: Session cookies and autofill data at risk.
  • Malware Installation: Drive-by downloads can occur without user consent.
  • System Takeover: Full system compromise from a single click on a crafted link.

Case in point: a media organization delayed Firefox updates by two days, leading to a targeted spear-phishing attack that exfiltrated internal emails.

Best Practices to Stay Safe

  • Enable Automatic Updates: In browser settings, turn on auto-updates.
  • Limit Extensions: Uninstall unused or untrusted add-ons.
  • Avoid Suspicious Links: Hover to verify URLs before clicking.
  • Regular Backups: Maintain offline backups of critical data.
  • Monitor Security News: Subscribe to CERT-In or browser vendor advisories.

Chrome vs. Firefox: Security Update Comparison

| Aspect | Chrome | Firefox |
|---|---|---|
| Patch Frequency | Weekly | Major + ESR quarterly |
| Vulnerability Types | Heap overflow, memory corruption | Integer overflow, JIT miscompile |
| Auto-Update Ease | Default on | Default on |
| Exploit Complexity | Moderate – WebGPU & Video pipelines | High – Canvas2D & JS engine |
| User Action Required | Restart browser | Restart browser |

Frequently Asked Questions

What is CERT-In?
CERT-In is India’s national authority for cybersecurity, issuing alerts on high-severity threats.

Do these flaws affect mobile browsers?
Yes. Android versions of Chrome and Firefox are susceptible until updated.

Can automatic updates prevent all attacks?
They patch known vulnerabilities fast, but zero-days may still emerge.

How do I know if my browser was exploited?
Look for crashes, unknown extensions, or unusual network activity.

Are other browsers safe?
Regularly patch any browser. Edge and Safari also issue advisories.

What if I can’t update immediately?
Use a different device or browser profile, and avoid untrusted sites until patched.

The Bottom Line

CERT-In has flagged critical vulnerabilities in Chrome and Firefox that let attackers steal data or take over systems. Update to Chrome 141.0.7390.65/.66 and Firefox 144 now. Enable auto-updates, limit extensions, and stay vigilant online.
