National Computer Emergency Response Team has issued a security advisory warning users and organizations about a critical zero day vulnerability in Google Chrome that is currently being actively exploited in the wild. According to National CERT, the flaw poses a serious risk as it can allow attackers to take control of affected systems with minimal user interaction. The advisory highlights growing concerns around browser based attacks, particularly as web browsers remain one of the most commonly used entry points for cyber threats across both personal and enterprise environments.
National CERT stated that the vulnerability affects all desktop versions of Google Chrome running on Windows, macOS, and Linux platforms. The flaw can be exploited simply by visiting a malicious or compromised website, without requiring users to download files or click on additional prompts. Once triggered, the vulnerability enables remote code execution, allowing attackers to bypass Chrome’s built in security mechanisms. This level of access can potentially lead to full system compromise, exposing users to data theft, unauthorized access to sensitive information, and long term persistence by malicious actors. The advisory noted that the ease of exploitation significantly increases the risk, especially for users who have not applied recent browser updates.
According to the advisory, successful exploitation could result in the execution of malicious code on the victim’s system, theft of stored browser data such as saved credentials, installation of malware, and unauthorized changes to system configurations. National CERT also outlined several indicators that may suggest a system has been compromised. These include unusual Chrome background processes running without explanation, sudden spikes in CPU or memory usage, unexpected network traffic occurring shortly after browsing activity, and the presence of unknown or suspicious files on the device. Users and IT teams were advised to remain vigilant for such signs, as early detection can help limit damage and prevent further spread within networks.
The advisory further explained that the issue impacts Chrome versions released before the December 2025 stable update. In addition to Google Chrome, other Chromium based browsers such as Microsoft Edge, Brave, and Opera may also be affected if they are running vulnerable builds derived from the same code base. The vulnerability has been assigned a critical severity rating with a CVSS score of 9.8, reflecting the high level of risk to unpatched systems. National CERT emphasized that such a score indicates the vulnerability can be exploited easily and may have severe consequences if left unaddressed, particularly in organizational environments with large numbers of endpoints.
National CERT has strongly urged all users to immediately update Google Chrome to the latest December 2025 stable version and restart the browser to ensure the fix is properly applied. Organizations have been advised to prioritize the rollout of browser updates across all systems without delay, especially on machines used for sensitive operations or access to critical data. The advisory also recommended closely monitoring browser and network activity for suspicious behavior, limiting unnecessary browser extensions, and strengthening endpoint and network security controls to reduce exposure to ongoing attacks. By taking these steps, National CERT believes users and organizations can significantly reduce the risk posed by this actively exploited vulnerability and improve their overall security posture in the face of evolving browser based threats.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
