< ciso
brief />
Tag Banner

All news with #google tag

584 articles · page 3 of 30

Chrome V8 zero-day patched; urgent user update

🛡️ Google released fixes for 74 vulnerabilities in Chrome, including an actively exploited high-severity V8 issue, CVE-2026-11645 (CVSS 8.8). The flaw is an out-of-bounds memory access in the V8 JavaScript and WebAssembly engine that could allow code execution inside a sandbox via a crafted HTML page. Researcher "303f06e3" reported the bug on April 27, 2026, and received a $55,000 bounty. Users should update Chrome to the latest 149.0.7827.102/.103 versions and apply corresponding updates for other Chromium-based browsers.
read more →

Security shifts to the human layer as AI scams surge

🛡️ Microsoft and Google warn that cybercriminals are repurposing familiar social-engineering tactics around AI tools and trusted cloud services, impersonating platforms like ChatGPT, Copilot, and Claude to distribute malware, steal credentials, and run investment scams. Both advisories note attackers rely on longstanding techniques—urgency, trusted-brand abuse, and redirection chains—while adapting lures to where AI is embedded in daily workflows. The trend shifts the threat surface from code to employee behavior, demanding resilience beyond blocking single phishing campaigns.
read more →

Google issues emergency Chrome update addressing zero-day

🔒 Google has released an emergency update for Chrome addressing 74 vulnerabilities, including a high-severity zero-day that has been exploited in the wild. The bulletin, published on June 8, fixes 17 critical, 55 high-severity and two medium-severity flaws, with updates rolling out to Windows, Mac and Linux users over the coming days and weeks. The exploited V8 bug, CVE-2026-11645, was reported April 27 and earned the researcher $55,000.
read more →

Google issues emergency Chrome zero-day patch

🔒 Google has released an emergency update to address CVE-2026-11645, the fifth Chrome zero-day fixed this year. The flaw, an out-of-bounds read/write in the V8 JavaScript engine, can be exploited by crafted HTML to achieve arbitrary code execution from within the browser sandbox. Patched Stable channel versions for Windows, macOS, and Linux are rolling out, and Google warns details may stay restricted until most users are updated.
read more →

Google advisory on evolving global fraud and scams

🛡️ Google outlines recent global scam trends and mitigation efforts, highlighting sophisticated Adversary-in-the-Middle (AITM) phishing, QR-code and calendar-based scams, AI-driven cryptocurrency fraud, mobile extortion apps, and government impersonation campaigns. The advisory describes technical responses, policy enforcement, and legal actions to disrupt abuse, plus practical safety tips for users.
read more →

Critical protobuf.js flaws enable code injection risks

🛡️ Researchers at Cyera disclosed six vulnerabilities in protobuf.js, a JavaScript implementation of Google’s Protocol Buffers, that allow untrusted schema data to influence application behavior. The most severe issues enable code generation and injection via manipulated schema metadata, potentially leading to remote code execution when crafted inputs are accepted. The flaws affect protobuf.js versions up to 7.5.5 and 8.0.1 and also impact protobuf.js-cli; patches are available in updated releases.
read more →

AI Agent Uncovers 21 FFmpeg Zero-Days, Chrome Ships 429 Fixes

🛡️ depthfirst's autonomous agent discovered 21 previously unknown zero-day vulnerabilities in FFmpeg, producing reproducible PoC inputs for each at a reported cost of about $1,000 for the run. In the same week, Google released Chrome 149 with fixes for a record 429 security bugs, over 100 of which are critical or high severity, following an overhaul of its bounty program to cope with a surge of AI-generated reports. The findings illustrate how AI is accelerating vulnerability discovery and increasing pressure on triage and patching processes across widely used software.
read more →

Magecart campaign abuses Stripe and GTM for skimming

🛡️ A Magecart campaign uses Google Tag Manager and Stripe's API to host both the card‑stealing payload and exfiltrated payment data. The skimmer, delivered via legitimate‑looking GTM containers, targets Magento/Adobe Commerce checkouts and reads a specific Stripe customer record to retrieve and execute obfuscated JavaScript. Stolen card details are XOR‑obfuscated, stored locally, then uploaded into fake Stripe customer metadata, with variants using Google Firestore as an alternative backend.
read more →

Gemini notification injection risk on Android devices

🔔 A SafeBreach researcher demonstrated that a single malicious notification from apps like WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could hijack Google Gemini's voice assistant on Android. The technique, called Fake Context Alignment, let notifications be treated as executable context, enabling fake replies, app launches, smart-home control, and even persistent memory poisoning. Google patched the issue server-side after being notified; Android users can disable Gemini's notification reading to mitigate exposure.
read more →

Google adds Android protection against AI call scams

📱 Google is rolling out a new fake call detection feature for Android 12+ devices, starting with Pixel phones and enabled by default. When both parties use Phone by Google and RCS-enabled Messages, the caller's device sends a silent encrypted confirmation to the recipient; if absent, the recipient's device pings the contact's phone to verify authenticity and shows a warning if the contact denies making the call. The feature aims to counter AI voice-cloning and number-spoofing scams.
read more →

Google June 2026 Android security updates

🔒 Google released June 2026 security patches addressing 124 Android vulnerabilities, including a high-severity Framework flaw tracked as CVE-2025-48595 affecting Android 14–16 and 16 QPR2. This privilege escalation bug can be exploited without user interaction and is reportedly under limited targeted exploitation. The June updates arrive in two batches, with the latter adding kernel and chipset fixes from MediaTek, Qualcomm, Unisoc, and others.
read more →

Google issues June 2026 Android security patches

🔒 Google released the June 2026 Android security updates fixing 124 vulnerabilities, including one actively exploited Android Framework zero-day (CVE-2025-48595) affecting devices running Android 14 and later. The company warned of limited, targeted exploitation and urged users to update to the latest Android versions. Two patch bundles (2026-06-01 and 2026-06-05) were issued; Pixel devices will receive updates immediately while other vendors may delay. Google also addressed 18 critical flaws across System, Framework, and Qualcomm components, and previously patched other zero-days this year.
read more →

Modeling a digital twin with BigQuery Graph

📈 BigQuery Graph enables building a digital twin of interconnected systems like supply chains and restaurant networks by creating a Graph View over existing tables. The approach maps items, recipes, locations and dependencies into nodes and edges, enabling targeted queries for issues such as recalls, weather disruptions, or procurement leaks. It emphasizes keeping relational data for metrics while using graphs for structure, cleaning keys, and capturing edge properties for richer modeling.
read more →

AlloyDB Remote MCP Server Now Generally Available

🛡️ The Remote Model Context Protocol (MCP) Server for AlloyDB is now generally available, providing a secure HTTP endpoint that lets AI agents access real-time operational data. This fully managed service simplifies production deployments by centralizing discovery, offering fine-grained IAM-based authorization, audit logging, and integration with Model Armor for prompt and response protection. Developers can join AlloyDB operational data with analytics in BigQuery and use built-in AI functions for low-latency agentic experiences.
read more →

GKE standby buffers lower autoscaling latency and cost

🚀 Google announces GKE standby buffers to complement active buffers, providing low-cost suspended node capacity that resumes faster than cold node provisioning. Standby buffers store node state to disk, releasing compute and memory costs while keeping persistent disk and IP charges, enabling near-instant scheduling with only a small single-digit percent overhead. Together, active and standby buffers reduce pod scheduling latency, replace manual balloon-pod workarounds, and help balance performance and cost for spiky workloads.
read more →

Analyze BigQuery Data Directly in Google Sheets

📊 Connected Sheets removes CSV exports and turns Google Sheets into a live, secure interface to BigQuery, enabling business users to analyze petabytes of governed data without SQL. Admins retain security and governance by provisioning table or view access while preventing data alteration from Sheets. End users gain immediate agility using familiar tools like pivot tables, charts, and formulas to analyze billions of rows and create refreshable reports and hybrid models. Connecting requires a Google Workspace account and a billing-enabled Google Cloud project, with connections established either from Sheets or the BigQuery UI.
read more →

Building an AI-Ready Security Program for Public Sector

🛡️ This Cloud CISO Perspectives post by Usman Chaudhary, Field CISO for Google Public Sector, outlines a pragmatic roadmap for public-sector CISOs to adopt AI-driven security. It emphasizes immediate quick wins in the first 90 days, tactical actions within six months, and strategic initiatives for months six to 12, combining internal automation, commercial AI capabilities, and vendor solutions like Gemini for Government. The guidance targets threat triage, talent augmentation, posture elevation, and governance to reduce toil and accelerate proactive defense.
read more →

AlloyDB Hot Standby: Faster Failovers and Reliability

🚀 AlloyDB for PostgreSQL introduces a Hot Standby HA architecture that keeps the standby node actively replaying WAL records, reducing failover time and preserving cache warmth. This change eliminates standby database startup delays and minimizes post-failover performance degradation, improving RTO and stabilizing application throughput. Hot Standby is rolling out for PostgreSQL 18 and will reach earlier versions in months, with no extra cost and retention of the 99.99% SLA.
read more →

Chrome rolls out device‑bound session cookie protection

🔒 Google has made the Chrome Device Bound Session Credentials (DBSC) feature generally available and is rolling it out to all users to prevent account takeovers. DBSC, in beta since April 2024, cryptographically binds session cookies to device hardware such as TPM and Secure Enclave, ensuring stolen cookies cannot be reused. The feature will be enabled by default for Google Workspace customers and cannot be disabled by administrators. DBSC aims to block previously exploited techniques that restored or reused expired authentication cookies.
read more →

UCO and Google accelerate forensic case analysis with AI

🧭 This collaboration between Google Public Sector and the University of Central Oklahoma (UCO) Forensic Science Institute uses Google’s NotebookLM to rapidly analyze complex criminal case documents and construct timelines. Originating from an AI hackathon co-led by UCO’s CIO Sonya Watkins, the project leverages Gemini to prioritize high-impact prototypes and has reduced multi-month analyses to days in early trials. UCO instructors ensure AI outputs are forensically sound and reliably cited.
read more →