CERT-In warns macOS and Chrome users of serious security risk: How to stay safe online

India’s cyber security agency, the Indian Computer Emergency Response Team (CERT-In), has issued fresh advisories warning users of macOS and Google Chrome about serious software vulnerabilities that could lead to data theft or complete system compromise if left unpatched.

The alerts highlight weaknesses in Apple’s productivity applications and Google’s desktop browser that may be exploited through malicious documents or specially crafted requests. CERT-In has urged both individuals and organisations to install the latest updates without delay to reduce the risk of unauthorised access and information exposure.

According to the agency, one of the issues involves an out-of-bounds read error in Pages, while another stems from a flaw in the QuickLook component used by Keynote. These weaknesses could be exploited if users are tricked into opening specially crafted files, potentially allowing attackers to access sensitive data.

Apple has addressed the problems in updated versions of Pages and Keynote released on January 28 for devices running macOS Sequoia 15.6 and newer. The issues are tracked under CVE-2025-46316 and CVE-2025-46306.

The vulnerability is linked to an improper implementation of Chrome’s Background Fetch API. CERT-In warned that attackers could exploit the flaw using a specially crafted request, potentially enabling remote code execution on affected systems.

Classified as a high-severity issue, the vulnerability could result in full system compromise or disruption of services if successfully exploited. Google has resolved the issue in its Stable Channel update released on January 27. The flaw is tracked as CVE-2026-1504.