google

Google Chrome to Block Admin-level Browser Launches for Better Security

Google Chrome will prevent admin-level launches to enhance security, similar to a feature Microsoft implemented in Edge. This change ensures that the browser doesn't run with elevated permissions, reducing risks like unauthorized access through malicious downloads. A command-line switch will be added to manage this behavior in automation mode.

https://www.bleepingcomputer.com/news/google/google-chrome-to-block-admin-level-browser-launches-for-better-security/

Google Owner Alphabet to Buy Cybersecurity Startup Wiz for $32B

Google's parent company, Alphabet, plans to acquire cybersecurity startup Wiz for $32 billion, marking its largest acquisition. This move is part of Google's strategy to boost its cloud computing capabilities amid rising competition from Microsoft and Amazon. If approved by regulators, Wiz will enhance Google Cloud's security tools, which are crucial for handling increasing demand for AI-driven data centers. Despite the deal's potential benefits, concerns about antitrust implications loom, with the acquisition expected to face scrutiny before its anticipated closure in 2026.

https://apnews.com/article/google-alphabet-wiz-32-billion-e50fb41b9a84a1056a116f963e6efed0

You Have 7 Days To Act Following Gmail Lockout Hack Attacks, Google Says

Google warns Gmail users to act within 7 days if locked out due to hacks. Quick recovery is essential, especially after an attacker changes login credentials. Users should ensure a recovery phone number and email are linked to their accounts for regaining access. Google advises implementing stronger security measures like two-factor authentication (2FA) to prevent future breaches.

https://www.forbes.com/sites/daveywinder/2025/03/16/you-have-7-days-to-act-following-gmail-lockout-hack-attack-google-says/

Google’s ‘consent-less’ Android Tracking Probed by Academics

Google's Android tracking has been criticized by researchers for using identifiers to track users without consent. Research by Doug Leith from Trinity College Dublin highlights that data collection occurs before users open any apps, primarily through pre-installed services like Google Play. Key identifiers, such as the “DSID” cookie and Android ID, are created during the startup process and track users even after they log out, with no opt-out option available. Leith's findings suggest possible violations of data protection laws, which Google disputes, emphasizing a commitment to user privacy. Users have expressed frustration, especially regarding a recent system feature that scans images without consent.

https://www.theregister.com/2025/03/04/google_android/

New AI Protection From Google Cloud Tackles AI Risks, Threats, and Compliance

Google Cloud launched AI Protection, enhancing security for generative AI with capabilities to discover AI assets, secure them, and manage associated threats. It integrates with Google’s Security Command Center for comprehensive risk management and regulatory compliance. Key features include automatic inventory discovery, prompt injection prevention, and threat detection, providing a broader security platform to mitigate AI-related vulnerabilities.

https://www.securityweek.com/new-ai-protection-from-google-cloud-tackles-ai-risks-threats-and-compliance/

Google Fixes Flaw That Could Unmask YouTube Users’ Email Addresses

Google fixed vulnerabilities that could expose YouTube users' email addresses by chaining YouTube and Pixel Recorder APIs to reveal Google Gaia IDs, enabling identity breaches. Researchers disclosed the issues, noting significant privacy risks for anonymous users. After reporting, Google increased the bounty for the findings and implemented fixes on February 9, 2025.

https://www.bleepingcomputer.com/news/security/google-fixes-flaw-that-could-unmask-youtube-users-email-addresses/

Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores

Hackers are using Google Tag Manager to insert credit card skimmer malware in Magento e-commerce sites. A security report by Sucuri identified obfuscated scripts masquerading as typical GTM code that provides attackers with backdoor access. The malware, stored in the Magento database, harvests user data during checkout and sends it to the attackers’ servers. This abuse of GTM for malicious purposes isn't new, with similar incidents reported since 2018. Recently, two Romanian nationals were charged for their involvement in a payment card skimming operation.

https://thehackernews.com/2025/02/hackers-exploit-google-tag-manager-to.html

Google Cloud Build Vulnerability Enables Data Destruction

Extreme TLDR: A Cisco Talos report reveals a Google Cloud Build vulnerability that allows attackers to delete or encrypt data across projects with minimal permissions, exploiting overly permissive default settings. Actions like creating a malicious GitHub pull request can trigger destructive commands. Mitigations include applying least privilege, monitoring Google Operations Logs, and requiring manual approvals for builds triggered by pull requests.

https://www.vulnu.com/p/google-cloud-build-vulnerability-enables-data-destruction-across-projects

Millions of Accounts Vulnerable Due to Google’s OAuth Flaw

Google's OAuth Flaw Risks Millions of Accounts: A security issue allows anyone purchasing domains of defunct startups to access former employee accounts across various SaaS platforms, compromising sensitive data. Despite the risk affecting potentially over 10 million accounts, Google marks it as “won't fix” initially but later reopens the issue after a researcher’s talk. Proposed solutions include adding immutable identifiers to improve user security. Until addressed, many remain vulnerable to misuse of their accounts.

https://trufflesecurity.com/blog/millions-at-risk-due-to-google-s-oauth-flaw

Scroll to Top