Security News > 2020 > August > Google Patches Email Spoofing Vulnerability After Public Disclosure

Google Patches Email Spoofing Vulnerability After Public Disclosure
2020-08-20 18:35

Google released a patch for an email spoofing vulnerability affecting Gmail and G Suite seven hours after it was publicly disclosed, but the tech giant knew about the flaw since April.

"I chose to send to another G Suite account to demonstrate that Google's strong mail filtering and anti-spam techniques do not block or detect this attack," the researcher explained.

The security hole was reported to Google on April 3 and the company confirmed it on April 16, when it assigned priority and severity ratings of "2." Google later marked the flaw as a duplicate, but it still did not roll out a patch.

On August 1, Husain informed the company that she would be making her findings public on August 17.

Google told her that it would be releasing a patch on September 17, but it actually addressed the issue seven hours after its details were made public, 137 days after it learned of its existence.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/zr9_j2ntjno/google-patches-email-spoofing-vulnerability-after-public-disclosure

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 256 4320 4678 741 9995