Overview
- India’s national cybersecurity agency issued the alert on October 30, later amplified in media reports on November 4.
- Desktop Chrome versions prior to 142.0.7444.59 on Linux and prior to 142.0.7444.59/60 on Windows and macOS are listed as vulnerable.
- The advisory says attackers could execute arbitrary code, bypass security protections, perform spoofing, or access sensitive data.
- Root causes span core components, including type confusion and races in V8, issues in extensions and autofill, media object lifecycle errors, incorrect security UI, policy bypasses, use-after-free, and out-of-bounds reads.
- Users are instructed to update via Chrome’s Settings > About > Update Chrome, and the coverage does not report confirmed widespread exploitation.