CERT-In Flags Critical macOS and Chrome Vulnerabilities, Urges Immediate Updates to Prevent Data Theft

India’s national cybersecurity watchdog has sounded the alarm for millions of macOS and Google Chrome users, warning that newly discovered vulnerabilities could leave devices exposed to data theft, unauthorised access, or even complete system takeover.

The Indian Computer Emergency Response Team (CERT-In) has issued fresh advisories highlighting critical flaws in Apple’s productivity apps and Google’s popular desktop browser. According to the agency, failing to install the latest updates could allow attackers to exploit these weaknesses using malicious files or specially crafted requests.

The warnings come at a time when cyber threats are becoming more sophisticated, targeting everyday tools people rely on for work and personal use. CERT-In has urged both individual users and organisations to act swiftly and apply security patches without delay.

Apple Fixes Flaws in Pages and Keynote

In an advisory released on January 29, CERT-In flagged multiple security issues affecting Apple’s Pages and Keynote applications on macOS. The vulnerabilities impact versions of the apps released before Pages 15.1 and Keynote 15.1.

According to the agency, one of the issues involves an out-of-bounds read error in Pages, while another stems from a flaw in the QuickLook component used by Keynote. These weaknesses could be exploited if users are tricked into opening specially crafted files, potentially allowing attackers to access sensitive data.

Apple has addressed the problems in updated versions of Pages and Keynote released on January 28 for devices running macOS Sequoia 15.6 and newer. The issues are tracked under CVE-2025-46316 and CVE-2025-46306.

High-Severity Chrome Vulnerability Identified

CERT-In has also raised concerns over a high-risk vulnerability in Google Chrome for desktop platforms. The flaw affects Chrome versions earlier than 144.0.7559.109 on Linux and earlier than 144.0.7559.109 or 144.0.7559.110 on Windows and macOS.

The vulnerability is linked to an improper implementation of Chrome’s Background Fetch API. CERT-In warned that attackers could exploit the flaw using a specially crafted request, potentially enabling remote code execution on affected systems.

Classified as a high-severity issue, the vulnerability could result in full system compromise or disruption of services if successfully exploited. Google has resolved the issue in its Stable Channel update released on January 27. The flaw is tracked as CVE-2026-1504.

Users Urged to Update Immediately

Given the seriousness of the threats, CERT-In has advised users to promptly install the latest updates released by Apple and Google to mitigate the identified risks. The agency also recommended reviewing official security release notes for detailed information on the fixes and affected systems.

Cybersecurity experts say that keeping software updated remains one of the simplest and most effective ways to stay protected online. A few minutes spent installing updates today could prevent major security headaches tomorrow.