Amid rising cyber threats, India’s national cyber security agency has issued fresh alerts, urging users and organisations to act quickly to secure their systems from potential attacks.
The Indian Computer Emergency Response Team has released security advisories warning macOS and Google Chrome users about vulnerabilities that could lead to data theft or complete system compromise if left unpatched. The alerts point to security gaps in Apple’s productivity applications and Google’s desktop browser that can be exploited through malicious files or specially crafted requests. Users have been advised to install the latest updates without delay to reduce the risk of unauthorised access and information disclosure.
Apple apps affected on macOS
In an advisory dated January 29, the agency highlighted multiple vulnerabilities impacting Apple Pages and Keynote versions earlier than 15.1. Listed under Vulnerability Note CIVN-2026-0056, the issues include an out-of-bounds read flaw in Pages and an error in the QuickLook component used by Keynote.
According to the advisory, attackers could exploit these weaknesses by tricking users into opening specially crafted documents, which may result in exposure of sensitive data. Apple has fixed the issues in Pages 15.1 and Keynote 15.1, released on January 28, for macOS Sequoia 15.6 and later. The vulnerabilities are tracked as CVE-2025-46316 and CVE-2025-46306.
High-risk flaw found in Google Chrome
Separately, the agency issued another advisory, CIVN-2026-0051, warning of a high-severity remote code execution vulnerability in Google Chrome on desktop systems. The issue affects Chrome versions earlier than 144.0.7559.109 or 144.0.7559.110 on Windows and macOS, and versions before 144.0.7559.109 on Linux.
The flaw is linked to an improper implementation in Chrome’s Background Fetch API. It could allow attackers to run arbitrary code on a targeted system using a specially crafted request. The vulnerability has been rated as high risk, as successful exploitation could lead to system takeover or service disruption.
Google addressed the issue in its Stable Channel update released on January 27. The vulnerability is tracked as CVE-2026-1504.
Update advice
The agency has strongly advised users to apply the latest updates from Apple and Google and to review official security release notes to ensure systems remain protected.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
