India’s cybersecurity agency CERT-In warns users to update Google Chrome and Mozilla Firefox immediately. Critical vulnerabilities could allow hackers to steal data or install malware. Patches are out, but delay in updating may expose your device to serious risks. Here's how to update.
India’s national cybersecurity agency, CERT-In (Computer Emergency Response Team - India), has issued a high-severity warning for users of Google Chrome and Mozilla Firefox, urging them to update their browsers immediately.
The alerts warn of multiple security vulnerabilities that could allow hackers to steal personal data, execute remote code, or install malware on affected devices. The vulnerabilities impact users across Windows, macOS, and Linux platforms.
According to CERT-In advisory CIVN-2025-0236, Chrome versions earlier than 141.0.7390.54 for Linux and 141.0.7390.54/55 for Windows and macOS contain several critical flaws.
The vulnerabilities, identified as CVE-2025-11205 and CVE-2025-11206, relate to heap buffer overflow bugs in Chrome’s WebGPU and Video components. These issues could allow attackers to run malicious code or crash the browser remotely.
Google confirmed that security researcher Atte Kettunen discovered the WebGPU flaw and was awarded a $25,000 bug bounty under its vulnerability rewards programme.
Other bugs include side-channel information leaks and memory management errors across Chrome’s Media, Storage, and Tab components.
CERT-In also released advisory CIVN-2025-0237, warning of critical flaws in Mozilla Firefox versions prior to 143.0.3.
The most severe vulnerability, CVE-2025-11152, involves a sandbox escape caused by an integer overflow in Firefox’s Canvas2D graphics engine. This allows attackers to break out of Firefox’s security sandbox and execute code with elevated privileges.
Another high-severity issue, CVE-2025-11153, affects Firefox’s JavaScript JIT compiler, potentially enabling remote code execution when users visit malicious websites.
Mozilla has since released the Firefox 143.0.3 update, which includes fixes for these vulnerabilities.
Both advisories are marked “high severity,” meaning they pose a significant risk to systems if left unpatched.
“A remote attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted web page,” CERT-In stated in its advisory.
Users are advised to update their browsers immediately to stay protected.
Chrome users can go to Settings > Help > About Google Chrome to trigger the update.
Firefox users should head to Menu > Help > About Firefox to install the latest version.
Both Google and Mozilla have issued patches addressing these security threats. Chrome’s latest release, version 141, includes fixes for 21 security issues in total. Mozilla’s Firefox 143.0.3 focuses on resolving the newly identified high-risk vulnerabilities.
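For administrators checking more than one machine, the fixed versions quoted above can be compared against each browser's `--version` output. The script below is an added example, not part of the original article or of either advisory; the host names and version strings are constructed samples, the function names are illustrative, and Firefox ESR builds are reported as unknown because the article gives a threshold only for the 143.0.3 release line.

```python
import re

# Fixed versions as stated in the article (CIVN-2025-0236 / CIVN-2025-0237).
FIXED = {"chrome": (141, 0, 7390, 54), "firefox": (143, 0, 3)}
VERSION_RE = re.compile(r"\b(\d+(?:\.\d+)+)(esr)?", re.IGNORECASE)


def classify(version_output):
    """Return (product, status); status is 'update', 'ok' or 'unknown'."""
    lowered = version_output.lower()
    product = next((p for p in FIXED if p in lowered), None)
    match = VERSION_RE.search(version_output)
    if product is None or match is None:
        return product, "unknown"
    if match.group(2):
        # ESR builds follow a separate version line the article does not cover.
        return product, "unknown"
    # Compare numerically: as strings, "141.0.7390.9" would sort above ".54".
    installed = tuple(int(part) for part in match.group(1).split("."))
    return product, "update" if installed < FIXED[product] else "ok"


# Constructed inventory: (host, output of `<browser> --version`).
SAMPLE_INVENTORY = [
    ("host-a", "Google Chrome 141.0.7390.54"),
    ("host-b", "Google Chrome 140.0.7339.207"),
    ("host-c", "Mozilla Firefox 143.0.1"),
    ("host-d", "Mozilla Firefox 143.0.3"),
    ("host-e", "Mozilla Firefox 140.3.1esr"),
    ("host-f", "Google Chrome 141.0.7390.9"),
]


def audit(inventory):
    """Map each host to its (product, status) pair."""
    return {host: classify(output) for host, output in inventory}


if __name__ == "__main__":
    for host, (product, status) in audit(SAMPLE_INVENTORY).items():
        print(f"{host:8} {product or '?':8} {status}")
```

Hosts reported as unknown need a manual check rather than being assumed safe.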
Cybersecurity experts have emphasised the urgency of updating browsers, warning that unpatched vulnerabilities could serve as gateways for large-scale cyberattacks.
According to multiple reports, such browser-based exploits are increasingly being used by attackers to gain access to personal data, financial details, and corporate networks.