Indian Government Issues ‘Critical’ Warning for Android and Chrome Users: Check If Your Device is Affected
In a recent cybersecurity advisory, the Indian Computer Emergency Response Team (CERT-In), operating under the Ministry of Electronics and Information Technology, has issued a ‘critical’ severity warning for users of Google Chrome and Android operating systems. The alert warns of multiple high-risk vulnerabilities that could potentially expose users to cyberattacks, data theft, and unauthorized access.
What’s the Warning About?
The warning, dated April 2025, highlights severe security vulnerabilities in certain versions of the Google Chrome browser and Android OS, which could be exploited by hackers to execute arbitrary code, gain elevated privileges, or access sensitive information without user consent.
CERT-In has classified these vulnerabilities as “critical,” the highest severity rating in cybersecurity alerts. This means that users who fail to update their devices or browsers immediately could be at serious risk of being targeted by malicious actors.
Android Devices at Risk
According to CERT-In, several vulnerabilities have been found in Android versions 12, 12L, 13, and 14. These vulnerabilities span across multiple components, including:
- Android Framework
- System components
- Media Framework
- Google Play system updates
- Qualcomm and MediaTek chipsets
The vulnerabilities could allow a remote attacker to exploit specially crafted files or apps to gain elevated privileges or execute arbitrary code on a user’s device. This means an attacker could install malicious apps, access your personal data, or use your phone as a botnet node — without your consent or even your knowledge.
Google Chrome Also Affected
CERT-In also reported critical vulnerabilities in Google Chrome versions prior to 123.0.6312.122 for Windows, Mac, and Linux. These vulnerabilities are particularly dangerous because they affect a user’s browsing session, which may include access to passwords, financial information, and confidential communication.
The vulnerabilities arise from issues in Chrome’s:
- WebAssembly (WASM)
- WebCodecs
- ANGLE Graphics Engine
- Side Panel Search feature
- Compositing module
These flaws could allow attackers to trick users into visiting malicious websites or running harmful scripts that exploit browser-based vulnerabilities. Once compromised, an attacker may be able to execute code, crash the browser, or steal personal information stored in browser sessions.
Types of Threats Involved
The security flaws in Chrome are linked to issues in components such as ANGLE, WebGPU, WebCodecs, and Vulkan, which handle rendering and multimedia processing. Exploiting these flaws could lead to remote code execution (RCE), allowing attackers to install malware, steal credentials, or monitor user activity.
For Android, vulnerabilities in the System component, Framework, Kernel, and Qualcomm closed-source components could allow escalation of privileges and unauthorized code execution without any interaction from the user.
What Should Users Do?
CERT-In and Google both recommend that users:
- Update Google Chrome to the latest stable version (123.0.6312.105 or higher).
- Check for software updates on Android devices, especially security patches from the manufacturer or service provider.
- Avoid clicking on suspicious links or downloading unknown files, especially from email or messaging apps.
- Install trusted antivirus and anti-malware tools and enable Google Play Protect on Android devices.
Why This Is a Big Deal for India
India has over 600 million smartphone users, with more than 95% using Android. This makes Indian users particularly vulnerable to attacks exploiting Android flaws. Likewise, Chrome has a market share of over 85% among Indian browsers, meaning a significant percentage of internet users are exposed.
Hackers and cybercriminals frequently target widely-used platforms like Android and Chrome because of their massive user bases. Moreover, many users delay updating their devices, making them prime targets for older, already-patched vulnerabilities.
Final Thoughts: Stay Vigilant
This CERT-In advisory is a clear reminder that digital safety begins with awareness and action. Whether you’re using a flagship Android smartphone or a budget model, or browsing on Chrome casually — you’re a potential target if your software isn’t up to date.
Make it a habit to:
- Regularly check for OS and app updates
- Use trusted antivirus and security apps
- Avoid suspicious links and downloads
- Backup your data frequently
In an increasingly connected world, the smallest lapse in digital hygiene can have massive consequences.
