Security News > 2020 > August > Google Patches Email Spoofing Vulnerability After Public Disclosure
Google released a patch for an email spoofing vulnerability affecting Gmail and G Suite seven hours after it was publicly disclosed, but the tech giant knew about the flaw since April.
"I chose to send to another G Suite account to demonstrate that Google's strong mail filtering and anti-spam techniques do not block or detect this attack," the researcher explained.
The security hole was reported to Google on April 3 and the company confirmed it on April 16, when it assigned priority and severity ratings of "2." Google later marked the flaw as a duplicate, but it still did not roll out a patch.
On August 1, Husain informed the company that she would be making her findings public on August 17.
Google told her that it would be releasing a patch on September 17, but it actually addressed the issue seven hours after its details were made public, 137 days after it learned of its existence.