CERT-In Issues Critical Security Alerts for macOS Apps & Chrome Browser
CERT-In Warns of macOS, Chrome Security Vulnerabilities

CERT-In Issues Critical Security Alerts for macOS Apps & Chrome Browser

India's national cybersecurity agency, the Indian Computer Emergency Response Team (CERT-In), has released fresh security advisories warning users about serious software vulnerabilities affecting both macOS applications and the Google Chrome browser. These newly identified weaknesses pose significant risks, including potential data theft and complete system compromise if left unpatched.

Apple's Productivity Applications Under Threat

In an advisory dated January 29, CERT-In highlighted multiple security issues impacting Apple's popular productivity applications—Pages and Keynote—on macOS systems. The vulnerabilities specifically affect versions released before Pages 15.1 and Keynote 15.1, putting numerous users at risk.

According to detailed analysis by the cybersecurity agency, one critical issue involves an out-of-bounds read error within the Pages application. Another significant vulnerability stems from a flaw in the QuickLook component utilized by Keynote. These security gaps could be exploited when users are deceived into opening specially crafted malicious documents, potentially granting attackers unauthorized access to sensitive personal or organizational data.

Apple has proactively addressed these concerns through updated versions of Pages and Keynote released on January 28. The fixes are available for devices running macOS Sequoia 15.6 and newer operating systems. These security issues have been officially tracked under the identifiers CVE-2025-46316 and CVE-2025-46306 in the Common Vulnerabilities and Exposures database.

High-Risk Vulnerability in Google Chrome

CERT-In has simultaneously raised alarms about a high-severity vulnerability discovered in Google Chrome for desktop platforms. This critical flaw affects Chrome versions earlier than 144.0.7559.109 on Linux systems, and versions earlier than 144.0.7559.109 or 144.0.7559.110 on Windows and macOS environments.

The vulnerability is specifically linked to an improper implementation of Chrome's Background Fetch API. CERT-In's technical assessment warns that malicious actors could exploit this weakness through specially crafted requests, potentially enabling remote code execution on affected systems. This classification as a high-severity issue means successful exploitation could result in complete system compromise or significant disruption of services.

Google has resolved this critical security gap in its Stable Channel update released on January 27. The vulnerability has been formally documented under the identifier CVE-2026-1504, allowing security professionals worldwide to track and understand its implications.

Immediate Action Required

CERT-In has strongly advised both individual users and organizational entities to promptly install the latest security updates released by Apple and Google. The agency emphasizes that timely patching is crucial to mitigate the identified risks and prevent potential unauthorized access or information exposure.

The cybersecurity body also recommends that users and IT administrators review official security release notes from both companies for detailed information about the fixes and affected systems. This additional step ensures comprehensive understanding of the vulnerabilities and appropriate implementation of protective measures.

These advisories come as part of CERT-In's ongoing efforts to enhance India's cybersecurity posture and protect digital infrastructure from evolving threats. The agency continues to monitor the cybersecurity landscape and issue timely warnings to safeguard users against potential attacks targeting software vulnerabilities.