CERT-In alerts users to high-risk flaws in Apple Pages/Keynote and Google Chrome; apply patches now

🇮🇳India

TechnologyCybersecuritySoftware

Fri, Jan 30, 2026

InsightsWire News2026

India’s Computer Emergency Response Team (CERT-In) published advisories describing exploitable defects in two widely used software families: Apple’s Pages and Keynote and Google’s desktop Chrome. The Apple issues are parsing bugs that can be triggered by maliciously crafted documents, while the Chrome flaw is tied to the Background Fetch implementation and can be weaponised via a specially formed network request to achieve arbitrary code execution. Apple released fixes at the end of January 2026 (updates addressing versions prior to 15.1), and Google rolled a stable-channel Chrome update the same week to remediate builds older than 144.0.7559.109/110. Both vendor updates close actionable vulnerabilities that require only user interaction — opening a tainted document or visiting a crafted resource — to begin exploitation. CERT-In’s guidance emphasises rapid patching and baseline verification across managed devices. These advisories arrive amid a broader January patching wave in which multiple vendors rushed emergency updates for document-handling and legacy-component flaws; for example, Microsoft also pushed emergency fixes for an Office zero-day (CVE-2026-21509) that was observed being exploited in the wild and subsequently highlighted by U.S. authorities. That parallel response by other vendors and government agencies (which sometimes add actively exploited defects to accelerated remediation lists) underscores the heightened urgency for organisations to act quickly. Practical mitigations while patches are deployed include blocking or sandboxing untrusted attachments, tightening network request filtering (especially for Background Fetch-like APIs), enforcing stricter endpoint policies, and enhancing telemetry and behavior-based detection for staged exploitation patterns. The combined presence of client-side parsing bugs and a browser API issue increases risk for both individual users and enterprise fleets, particularly where patch cycles lag. Security teams should triage impacted hosts, verify versions, and accelerate deployment through coordinated change control to reduce the window of exposure.

PREMIUM ANALYSIS

Read Our Expert Analysis

Create an account or login for free to unlock our expert analysis and key takeaways for this development.

By continuing, you agree to receive marketing communications and our weekly newsletter. You can opt-out at any time.

Free Access

No Payment Needed

Join Thousands of Readers

Recommended for you

Cybersecurity

Microsoft pushes urgent Office patch for a newly exploited zero-day used in targeted intrusions

Microsoft released fixes for CVE-2026-21509 after detecting active exploitation that undermines Office protections; mitigations and patches cover major supported Office builds and CISA has flagged the flaw for immediate remediation. The vulnerability appears to be leveraged in focused operations requiring user interaction and complex exploit chains, elevating the priority for high-value targets to deploy updates quickly.

Cybersecurity

Google: Multiple APTs and crime syndicates widely exploited a critical WinRAR flaw

Google Threat Intelligence Group says a high-severity WinRAR vulnerability (CVE-2025-8088) has been actively abused for months by both nation-state actors and financially motivated groups. Attackers leveraged crafted RAR archives and hidden alternate data streams to place persistent payloads — affecting government, military, technology, travel, and banking targets globally.

Cybersecurity

Google rolls Android updates to fix exploited Qualcomm zero-day

Google issued Android security updates patching roughly 130 vulnerabilities, including an exploited Qualcomm graphics zero-day, CVE-2026-21385 (CVSS 7.8). Organizations must prioritize devices on the 2026-03-01 and 2026-03-05 patch levels to close immediate exposure and treat this as part of a wider cross‑vendor wave of in‑the‑wild fixes (see recent Chrome and document‑parser advisories) that increases urgency for rapid deployment and verification.

Cybersecurity

CISA Adds Five Bugs to KEV; Two Linux Flaws Draw Immediate Attention

CISA added five actively exploited vulnerabilities to its Known Exploited Vulnerabilities list, including two Linux issues and a Microsoft Office zero-day; agencies must remediate by Feb. 16, 2026 for the Office bug while operators should urgently inventory exposed Telnet services and apply available fixes or mitigations. Rapid in-the-wild activity—dozens of probes against a high-severity GNU Inetutils telnet authentication bypass—heightens the urgency for immediate patching, network controls, and telemetry-based detection.

Cybersecurity

Intel and Google uncover critical flaws in TDX after joint security review

A joint security review by Google and Intel found multiple vulnerabilities and dozens of bugs in Intel's Trust Domain Extensions (TDX), including a flaw enabling full compromise of a protected virtual machine during migration. Intel has issued patches and published an advisory after an extensive technical report and five months of collaborative analysis.

Cybersecurity

Critical SolarWinds Web Help Desk Flaw Exploited; CISA Orders Rapid Patching

A critical unauthenticated remote code execution bug in SolarWinds Web Help Desk (WHD) rooted in AjaxProxy deserialization is being exploited in the wild and was added to CISA’s Known Exploited Vulnerabilities list, triggering compressed federal remediation deadlines. The listing arrived alongside other high-priority KEV additions this patch cycle, reinforcing that administrative consoles and legacy proxy components are high-risk and require immediate patching and network controls.

Cybersecurity

Critical vulnerabilities in Google Looker allow developer-level paths to full compromise

Security researchers found two serious flaws in Google Looker that let an attacker with developer privileges run code on hosts and extract the platform’s internal database. Google has patched cloud-hosted instances; organizations running self-managed Looker must update immediately or risk data theft and infrastructure takeover.

Cybersecurity

Anthropic's Claude Code: Flaws Threaten Developer Devices and Team Keys

Check Point disclosed critical flaws in Anthropic's Claude Code that allowed silent execution of commands and API key theft from cloned repositories. The issue sits within a broader, systemic risk: reasoning‑based developer tooling, agent connectors, and repo-applied configs expand the attack surface—so organizations must urgently harden CI/CD, key management, and repository execution defaults.