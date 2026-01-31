India’s cybersecurity agency CERT-In has issued fresh security advisories warning users about vulnerabilities that could lead to data theft or system compromise. The alerts apply to macOS users running certain Apple apps and desktop users of Google Chrome. CERT-In has urged users and organisations to install the latest updates without delay. Also Read: Google Maps’ new Gemini feature will help you navigate better on foot and cycle

Apple apps flagged on macOS

In an advisory issued on January 29, CERT-In warned macOS users about security flaws affecting Apple's Pages and Keynote apps. The vulnerabilities impact versions of Pages and Keynote released before version 15.1.

According to the advisory, the issue in Pages is linked to an out-of-bounds read flaw, while the Keynote problem is tied to the QuickLook component. These flaws could be exploited if a user is tricked into opening a specially crafted document. In such cases, attackers may be able to access sensitive data stored on the system.

CERT-In noted that Apple has already addressed these issues. The fixes were rolled out with Pages 15.1 and Keynote 15.1, which were released on January 28 for systems running macOS Sequoia 15.6 and later. The vulnerabilities are tracked under CVE-2025-46316 and CVE-2025-46306.

High-risk Google Chrome vulnerability

CERT-In has also issued a separate warning for desktop users of Google Chrome. In an advisory dated January 28, the agency flagged a high-severity vulnerability that could allow remote code execution.

The issue affects Chrome versions older than 144.0.7559.109 on Linux, and versions before 144.0.7559.109 or 144.0.7559.110 on Windows and macOS. CERT-In said the flaw stems from an improper implementation in Chrome’s Background Fetch API.

If exploited through a specially crafted request, the vulnerability could allow attackers to execute arbitrary code on the target system. CERT-In categorised the risk as high, noting that successful exploitation could lead to full system compromise or service disruption.

Google has fixed the issue in its latest Stable Channel update released on January 27. The vulnerability is tracked as CVE-2026-1504.

What users should do

CERT-In has advised users to immediately update their Apple apps and Chrome browser to the latest available versions. It has also recommended checking official release notes from Apple and Google for further technical details.

The agency warned that delaying updates increases the risk of unauthorised access and data theft, especially for users who regularly open files from unknown sources or browse the web without updated protections.