India’s cybersecurity agency CERT-In has issued fresh security advisories warning users about vulnerabilities that could lead to data theft or system compromise. The alerts apply to macOS users running certain Apple apps and desktop users of Google Chrome. CERT-In has urged users and organisations to install the latest updates without delay. Also Read: Google Maps’ new Gemini feature will help you navigate better on foot and cycle
Apple apps flagged on macOS
In an advisory issued on January 29, CERT-In warned macOS users about security flaws affecting Apple’s Pages and Keynote apps. The vulnerabilities impact versions of Pages and Keynote released before version 15.1. 
Also Read: Why Apple may not launch the standard iPhone 18 this year
According to the advisory, the issue in Pages is linked to an out-of-bounds read flaw, while the Keynote problem is tied to the QuickLook component. These flaws could be exploited if a user is tricked into opening a specially crafted document. In such cases, attackers may be able to access sensitive data stored on the system. Also Read: How to Use ChatGPT Translate: A Quick Step-by-Step Guide
CERT-In noted that Apple has already addressed these issues. The fixes were rolled out with Pages 15.1 and Keynote 15.1, which were released on January 28 for systems running macOS Sequoia 15.6 and later. The vulnerabilities are tracked under CVE-2025-46316 and CVE-2025-46306.
High-risk Google Chrome vulnerability
CERT-In has also issued a separate warning for desktop users of Google Chrome. In an advisory dated January 28, the agency flagged a high-severity vulnerability that could allow remote code execution.
The issue affects Chrome versions older than 144.0.7559.109 on Linux, and versions before 144.0.7559.109 or 144.0.7559.110 on Windows and macOS. CERT-In said the flaw stems from an improper implementation in Chrome’s Background Fetch API.
If exploited through a specially crafted request, the vulnerability could allow attackers to execute arbitrary code on the target system. CERT-In categorised the risk as high, noting that successful exploitation could lead to full system compromise or service disruption.
Google has fixed the issue in its latest Stable Channel update released on January 27. The vulnerability is tracked as CVE-2026-1504.
What users should do
CERT-In has advised users to immediately update their Apple apps and Chrome browser to the latest available versions. It has also recommended checking official release notes from Apple and Google for further technical details.
The agency warned that delaying updates increases the risk of unauthorised access and data theft, especially for users who regularly open files from unknown sources or browse the web without updated protections.
