Security News > 2020 > August > Google Patches Email Spoofing Vulnerability After Public Disclosure
Google released a patch for an email spoofing vulnerability affecting Gmail and G Suite seven hours after it was publicly disclosed, but the tech giant knew about the flaw since April.
"I chose to send to another G Suite account to demonstrate that Google's strong mail filtering and anti-spam techniques do not block or detect this attack," the researcher explained.
The security hole was reported to Google on April 3 and the company confirmed it on April 16, when it assigned priority and severity ratings of "2." Google later marked the flaw as a duplicate, but it still did not roll out a patch.
On August 1, Husain informed the company that she would be making her findings public on August 17.
Google told her that it would be releasing a patch on September 17, but it actually addressed the issue seven hours after its details were made public, 137 days after it learned of its existence.
News URL
Related news
- Google Pay alarms users with accidental ‘new card’ added emails (source)
- Google Scholar has a 'verified email' for Sir Isaac Newton (source)
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System (source)
- Google patches actively exploited Android vulnerability (CVE-2024-43093) (source)
- Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability (source)