All news with #google tag

🔐 Google has rolled out native end-to-end encryption for Gmail on Android and iOS, allowing enterprise users to compose and read encrypted emails without installing extra apps. The capability uses client-side encryption (CSE) and is available to organizations with Enterprise Plus licenses plus the Assured Controls add-on after admins enable mobile clients. Encrypted messages and attachments are encrypted on the device and delivered as regular emails, and recipients using other services can read them in a web browser.

🔐 Google has made Device Bound Session Credentials (DBSC) generally available to Windows users on Chrome 146, with macOS support planned for a later release. DBSC uses hardware-backed modules like the Trusted Platform Module (TPM) to bind short-lived session cookies to a specific device so exfiltrated cookies cannot be used by attackers. The feature falls back gracefully on devices without secure key storage and was developed with Microsoft as part of efforts to make the approach an open web standard. Google says the architecture is privacy-minded and does not enable cross-site tracking.

🔐 Google has introduced Device Bound Session Credentials (DBSC) protection in Chrome 146 for Windows to block infostealer malware from harvesting session cookies. The feature cryptographically ties session cookies to hardware-backed keys stored in the Trusted Platform Module (TPM) on Windows, with macOS support planned for a future release. Because the per-session private keys are generated by a security chip and cannot be exported, exfiltrated cookies become useless without proof of key possession. The protocol is privacy-conscious, uses distinct keys per session to avoid cross-site correlation, and was developed with industry input including Microsoft.

🔐 Chrome has enabled Device Bound Session Credentials (DBSC) publicly for Windows users on Chrome 146, with macOS support arriving in a future release. DBSC cryptographically binds short‑lived session cookies to a device's hardware-backed key (TPM or Secure Enclave) so exfiltrated cookies cannot be reused off‑device. The browser handles rotation and the approach preserves privacy by avoiding device identifiers. Web developers can adopt DBSC via the open spec and developer guide.

🎵 This guide outlines best practices for prompting Lyria 3 and Lyria 3 Pro, Google’s music generation models that deliver granular control over vocals, instrumentation, arrangement, and timing. It highlights technical details—track lengths from rapid 30-second prototypes to three‑minute compositions, multi‑vocal support in eight languages, timed-lyrics and tempo conditioning—and includes a concise prompting framework. The post also covers advanced workflows such as timestamped segment instructions and multimodal generation using images or PDFs, plus integration paths through Vertex AI and the Gen AI SDK.

🔒 Google explains how it designed Gmail to protect user data as Gemini-powered features roll out. The company says Gemini is not trained on personal email content and only accesses messages for specific, isolated tasks like summarization. According to Gmail’s VP of product, Blake Barnes, the feature processes requests inside the inbox and does not retain the processed data.

🎵 Google has made Lyria 3 and Lyria 3 Pro available on Vertex AI in public preview, bringing high-fidelity music generation to the Vertex AI API and Media Studio. Lyria 3 Pro composes studio-quality tracks up to three minutes with structural elements (intros, verses, choruses, bridges), while Lyria 3 produces 30-second tracks for rapid prototyping. Both models accept multi-modal inputs (text or images), support vocal generation with timed lyrics or user-provided lyrics, and can produce purely instrumental pieces. Outputs are embedded with SynthID watermarking and filtered for policy and IP compliance.

🌱 Google reports that its seventh‑generation TPU, Ironwood, achieved an approximately 3.7x improvement in Compute Carbon Intensity (CCI) versus TPU v5p based on fleet measurements in January 2026. CCI captures estimated CO2e per utilized FLOP, including embodied (Scope 3) and operational (Scope 1 and 2) emissions. Google also cites a roughly 5x increase in utilized FLOPs and a rise in peak BF16 FLOPS from 459 to 2,307. The company attributes gains to hardware advances and software/system optimizations such as Mixture of Experts sparsity, wider FP8 adoption, and improved fleet orchestration, while noting results are a point‑in‑time snapshot that can vary by workload, location, and accounting method.

🛡️ Google has patched a fourth zero-day in Chrome this year, addressing CVE-2026-5281 in Dawn, the browser's WebGPU implementation, which allowed remote code execution via a crafted HTML page when the renderer process was compromised. The company confirmed an exploit exists in the wild and urges users to update to Chrome 146.0.7680.178 or newer. This fix follows earlier 2026 patches for CSS memory handling, the Skia graphics library, and the V8 JavaScript engine.

🚀 Google Cloud has launched Veo 3.1 Lite, a cost‑effective video generation model available now on Vertex AI, and introduced a new standalone Veo upscaling capability currently in private preview. The Veo 3.1 family now includes three tiers—Veo 3.1, Veo 3.1 Fast, and Veo 3.1 Lite—all with native audio generation. The upscaling tool enhances existing low‑resolution videos to 1080p and 4K, regardless of source, and access is provided via the Vertex AI API and Vertex AI Media Studio. Developer documentation and a sample video editor agent are available to help teams get started.

🔐 Google outlines a continuous, layered approach to mitigating indirect prompt injection (IPI) across Workspace with Gemini, combining proactive discovery, synthetic data generation, and iterative defenses. Human and automated red-teaming, an AI Vulnerability Rewards Program, and OSINT monitoring are used to catalog and expand attack variants. Deterministic configuration controls, ML retraining, LLM prompt hardening, and model-level defenses are validated through comparative testing to reduce IPI success while preserving routine performance.

🔍 Honeylove consolidated disparate analytics into BigQuery and integrated outputs with Gemini to automate reporting, contribution analysis, and SKU-level forecasting. They use BigQuery ML (ARIMA) for demand planning with forecasts consistently within 5% of manual calculations, and Gemini embeddings plus vector search to semantically analyze customer tickets. These automations have saved the team hundreds of hours annually and about 30 seconds per ticket, accelerating product iteration and operational efficiency.

🔒 Gemma 4 is now available on Google Cloud as an open, commercially permissive (Apache 2.0) family of models with context windows up to 256K, native vision and audio processing, and support for over 140 languages. Enterprises can deploy and fine-tune Gemma 4 via Vertex AI, serve inference serverlessly on Cloud Run, or run production workloads on GKE and TPUs. The release highlights data residency and compliance through Sovereign Cloud options and open weights, enabling secure, controlled AI deployments.

📱 Researchers at McAfee uncovered NoVoice, an Android rootkit hidden in more than 50 Google Play apps that were downloaded at least 2.3 million times. The apps requested no suspicious permissions and used steganography to hide an encrypted APK payload that exploits historically patched kernel and driver vulnerabilities to gain root. Once rooted, the implant replaces system libraries, disables SELinux, and installs persistent recovery scripts and a watchdog so the rootkit survives factory resets. McAfee reported the apps and Google removed them, but previously infected devices should be considered compromised.

📣 This guide highlights the Infrastructure and GKE sessions at Cloud Next '26, offering a curated set of technical breakouts across Compute, AI infrastructure, migration, modernization, and scale. Attend spotlights and deep dives to hear from Google leaders and engineering teams about Gemini, Google Distributed Cloud, and the AI Hypercomputer. Sessions cover TPU/GPU roadmaps, high‑performance compute, agentic AI pipelines, and practical migration and FinOps strategies designed to help organizations build resilient, AI‑ready infrastructure.

🔒 Google has begun rolling out a new Android developer verification system designed to reduce malicious apps and strengthen platform security. The scheme requires developers to verify their identities and register apps, notably when distributing software outside Google Play; eligible Play apps will be auto-registered. Unregistered apps may later require an advanced sideloading flow or ADB, while Google stages enforcement from April 2026 and expands globally after 2027.

🔒 Google released updates for Chrome to fix 21 vulnerabilities, including a zero-day (CVE-2026-5281) that has been exploited in the wild. Dawn, the WebGPU implementation, contains a use-after-free bug allowing a remote attacker with access to the renderer process to execute arbitrary code via crafted HTML. Users should update to versions 146.0.7680.177/178 on Windows and macOS and 146.0.7680.177 on Linux, and ensure Chromium-based browsers receive vendor patches.

⚠️ Google released emergency updates to fix a fourth actively exploited Chrome zero-day, tracked as CVE-2026-5281. The issue is a use-after-free in Dawn, Chromium's implementation of the WebGPU standard, and can cause crashes, rendering problems, or data corruption. Patches are available on Stable Desktop for Windows, macOS (146.0.7680.177/178), and Linux (146.0.7680.177); rollouts may take days, but updates are immediately available when checking.

🛡️ Google's Threat Intelligence Group has attributed a supply chain compromise of the popular Axios npm package to a suspected North Korean cluster tracked as UNC1069. Attackers seized a maintainer npm account and pushed trojanized releases (1.14.1 and 0.30.4) that added a malicious dependency, plain-crypto-js. That dependency used a postinstall hook to deploy an obfuscated dropper (SILKBELL) which fetched OS-specific payloads and ultimately installed the WAVESHAPER.V2 backdoor. Organizations should audit dependency trees, search node_modules for plain-crypto-js, isolate affected hosts, block the C2 domain sfrclak[.]com, and rotate credentials.

🛡️ Google has made its AI-powered Google Drive ransomware detection generally available and enabled it by default for paying Workspace customers. The feature scans files as they sync from desktop computers and pauses Drive syncing when ransomware-encrypted files are detected, alerting users and admins. It provides guided instructions and a Drive restoration tool to recover corrupted files, and Google says its latest model detects 14x more infections. Admins may disable the feature in the Admin console, and endpoints need Drive for desktop v.114+ for full alerting functionality.