All news with #cloud armor tag

Google Cloud guidance on CVE-2025-55182 for React/Next.js

🔒 Meta and Vercel disclosed a critical remote code execution vulnerability in React Server Components (CVE-2025-55182) that also affected some Next.js releases. Google Cloud rolled out a preconfigured Cloud Armor WAF rule (cve-canary), is enforcing protections for Firebase Hosting, and recommends testing the rule in preview while enabling ALB request logging to consume telemetry. Customers should promptly update dependencies to React 19.2.1 and the patched Next.js releases and redeploy services to remove the vulnerability.

Cloud Armor: Hierarchical Policies, Extended WAF and NTI

🛡️ Cloud Armor introduces hierarchical security policies and organization-scoped address groups to simplify centralized policy management across organization, folder, and project levels. The release also includes GA support for JA4 network fingerprinting and ASN/NTI controls for Media CDN, while an enhanced WAF request-body inspection (preview) expands inspection from 8 KB to 64 KB. These updates are designed to strengthen threat protection and reduce operational complexity for hybrid and multicloud deployments.