By Zohaib Shah
Chrome Zero-Day alert

A critical zero-day vulnerability in Google Chrome is being actively exploited, prompting a nationwide warning from the National Computer Emergency Response Team (CERT). The flaw affects all desktop platforms (Windows, macOS, and Linux) and allows attackers to take full control of a system simply by visiting a malicious website.

According to the advisory (NCA-52.121225), the vulnerability enables remote code execution (RCE) with no user interaction beyond loading a webpage. Analysts warn that attackers could bypass Chrome’s sandbox protections, deploy malware, steal sensitive data, and fully compromise affected systems.

Why This Zero-Day Is Highly Dangerous

The attack stands out for several reasons. It was observed in the wild before public disclosure, meaning hackers exploited it as a zero-day. Its low complexity allows attacks without credentials or special privileges. The potential impact is severe, with full system compromise possible. Chrome’s widespread use for browsing untrusted websites further amplifies the threat.

The vulnerability has been assigned a CVSS score of 9.8 (Critical), placing it among the most serious browser security flaws in recent years.

Who Is at Risk?

  • Google Chrome Desktop: All versions before the December 2025 stable release.
  • Chromium-based browsers: Including Microsoft Edge, Brave, and Opera, if running Chromium versions earlier than 128.0.6543.112.

Signs of Exploitation

Organizations are advised to monitor for unusual browser behavior, including:

  • Unexpected Chrome child processes running in the background
  • Sudden spikes in CPU or memory usage
  • Outbound network traffic immediately after visiting websites
  • Appearance of unfamiliar files after browsing sessions
  • Repeated connections to suspicious domains

These signs could indicate an active attack.
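The first sign in the list, unexpected Chrome child processes, can be checked against process-creation logs. The following is an added example, not part of the CERT advisory or the original article; the event fields, host names, timestamps and the allowlist of expected child processes are constructed assumptions to be adapted to the local logging source.

```python
import json
import ntpath
from collections import defaultdict

# Assumption: process names a Chrome parent normally spawns; tune per platform and fleet.
EXPECTED_CHILDREN = {"chrome.exe", "chrome", "chrome_crashpad_handler", "nacl_helper"}
BROWSER_PARENTS = {"chrome.exe", "chrome"}

# Constructed sample: simplified process-creation records, one JSON object per line.
SAMPLE_LOG = r"""
{"ts": "2025-12-12T09:14:02Z", "host": "ws-014", "parent": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"}
{"ts": "2025-12-12T09:14:05Z", "host": "ws-014", "parent": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "image": "C:\\Windows\\System32\\cmd.exe"}
{"ts": "2025-12-12T09:15:40Z", "host": "ws-022", "parent": "/opt/google/chrome/chrome", "image": "/opt/google/chrome/chrome_crashpad_handler"}
{"ts": "2025-12-12T09:15:44Z", "host": "ws-022", "parent": "/opt/google/chrome/chrome", "image": "/usr/bin/sh"}
{"ts": "2025-12-12T09:17:11Z", "host": "ws-031", "parent": "C:\\Windows\\explorer.exe", "image": "C:\\Windows\\System32\\cmd.exe"}
{"ts": "2025-12-12T09:20:00Z", "host": "ws-0
"""

def _name(path):
    # ntpath splits on both "\" and "/", so Windows and POSIX paths are handled alike.
    return ntpath.basename(str(path or "")).lower()

def unexpected_children(log_text):
    """Return {host: [(ts, child_image), ...]} for Chrome children outside the allowlist."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or malformed records instead of aborting the scan
        if not isinstance(ev, dict):
            continue
        if _name(ev.get("parent")) not in BROWSER_PARENTS:
            continue  # only children of the browser are of interest here
        if _name(ev.get("image")) not in EXPECTED_CHILDREN:
            hits[ev.get("host", "unknown")].append((ev.get("ts"), ev.get("image")))
    return dict(hits)

if __name__ == "__main__":
    for host, events in unexpected_children(SAMPLE_LOG).items():
        for ts, image in events:
            print(f"{host} {ts} chrome spawned {image}")
```

A hit is a lead for triage rather than proof of compromise, since the allowlist will need additions for legitimate helpers in a given environment.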

CERT’s Recommendations

The National CERT has issued clear guidance to mitigate risks:

  • Update Google Chrome immediately to the December 2025 Stable release
  • Restart the browser after updating to ensure patches are applied
  • Deploy updates across enterprise systems via centralized management tools
  • Monitor browser activity and network traffic for anomalies
  • Limit unnecessary extensions and enforce least-privilege access

For systems that cannot be patched immediately, users should avoid untrusted websites, disable non-essential extensions, and conduct risky browsing in sandboxed or restricted environments.

This zero-day is not hypothetical. Active exploitation is already occurring, putting unpatched systems at high risk. Prompt updates are the only reliable defense against this Chrome vulnerability. Failure to act could result in widespread malware deployment, data theft, and complete system compromise.