
What are these suspicious Google GVT1.com URLs?
2021-02-28 16:52

The domains *.gvt1.com and *.gvt2.com, along with their subdomains, are owned by Google and typically used to deliver Chrome software updates, extensions, and related content.

The GVT in gvt1.com stands for Google Video Transcoding, and the domain is used as a cache server for content and downloads used by Google services and applications.

Put simply, the *.gvt1.com domains are only used by Google to deliver official content, Chrome browser updates, and Android-related executables.

"Redirector.gvt1.com is a redirection service used by Google for a variety of purposes, including download of updates, etc.," Eric Lawrence, a former member of the Chrome Security Team, stated in a Google bug post.

What is concerning is that Google continues to use the insecure HTTP protocol rather than HTTPS when connecting to these URLs.

Google should switch to using HTTPS to prevent potential MiTM attacks, and administrators should continue to follow best practices such as analyzing traffic from the URLs.
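The traffic analysis recommended above could start with a check like the following. This is an added example, not code from the article or from Google: it flags plaintext HTTP requests to genuine *.gvt1.com / *.gvt2.com hosts and separates them from hosts that merely contain those names. The log format, sample lines, and function names are constructed assumptions.

```python
from urllib.parse import urlsplit

# Domains the article attributes to Google.
GOOGLE_SUFFIXES = ("gvt1.com", "gvt2.com")

# Constructed sample lines in a hypothetical "client method url status" format.
SAMPLE_LOG = """\
10.0.0.5 GET http://redirector.gvt1.com/sample/update.crx 302
10.0.0.5 GET https://redirector.gvt1.com/sample/update.crx 200
10.0.0.7 GET http://cache.gvt1.com.example.net/sample.exe 200
10.0.0.8 GET http://gvt1-com.example/sample.exe 200
10.0.0.9 GET http://R3.GVT2.COM./sample 200
10.0.0.9 GET https://www.example.org/ 200
"""

def classify(url):
    """Label a URL: gvt-plaintext, gvt-tls, lookalike, or other."""
    parts = urlsplit(url)
    # hostname is already lowercased; drop a trailing root dot before matching.
    host = (parts.hostname or "").rstrip(".")
    # Match on a label boundary so "gvt1.com.example.net" does not pass.
    is_gvt = any(host == s or host.endswith("." + s) for s in GOOGLE_SUFFIXES)
    if is_gvt:
        return "gvt-plaintext" if parts.scheme == "http" else "gvt-tls"
    # Host mentions gvt1/gvt2 but is not under the real domain.
    if any(s.split(".")[0] in host for s in GOOGLE_SUFFIXES):
        return "lookalike"
    return "other"

def analyze(log_text):
    """Return (client, label, host) for requests worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        client, _method, url, _status = fields
        label = classify(url)
        if label in ("gvt-plaintext", "lookalike"):
            findings.append((client, label, urlsplit(url).hostname))
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

Requests labelled gvt-plaintext are the case the article raises: a download from a real Google host over HTTP, where the payload should be checked for signature or hash validation downstream.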


News URL

https://www.bleepingcomputer.com/news/security/what-are-these-suspicious-google-gvt1com-urls/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 141 996 4899 2857 1622 10374