The first task in handling a security vulnerability is to identify the severity of the bug and which component of the device is affected. The severity level determines how the issue is prioritized, and the component determines who fixes the bug, who is notified, and how the fix gets deployed to users. For software apps and services associated with our devices, we follow · Google’s vulnerability disclosure deadline.

Incoming SMS and RCS audio attachments received by Google Messages are now automatically decoded with no user interaction. As a result, audio decoders are now in the 0-click attack surface of most Android phones.

February 5, 2025 - How does Google handle vulnerabilities? Ana Oprea shares core practices behind Google’s vulnerability management program.

You can filter findings by various attributes on the following Google Cloud console pages: ... For instructions on fixing findings and protecting your resources, see Remediating Security Health Analytics findings. The API_KEY_SCANNER detector identifies vulnerabilities related to API keys used in your cloud deployment.

Google Bug Hunters is aimed at external security researchers who want to contribute to keeping Google products safe and secure. You can report security vulnerabilities to our vulnerability reward program (VRP), read up on our program rules (including rewards on offer), access learning content, and much more…report a security vulnerability

This page lists vulnerability statistics for all products of Google. Vulnerability statistics provide a quick overview for security vulnerabilities related to software products of Google.

Three security vulnerabilities, CVE-2021-4154, CVE-2021-22600, and CVE-2022-0185, have been discovered in the Linux kernel, each of which can lead to either a container breakout, privilege escalation on the host, or both.

February 18, 2026 - A vulnerability has been discovered in Google Chrome which could allow for arbitrary code execution. Successful exploitation of the vulnerability could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could ...

April 25, 2026 - CVE-2026-6921, meanwhile, is a medium-severity GPU vulnerability, with the same outcomes, but this time using a malicious video file. Thankfully, Chrome updates are handled automatically. But it never hurts to kickstart the process rather than wait. You can do this by using the three-dot menu in your browser and heading for Help|About Google Chrome.

If you believe you have discovered a vulnerability in a Google product or have a security incident to report, go to bughunters.google.com/report to include it in our Vulnerability Reward Program.

April 23, 2026 - CVE-2026-6919 is a use-after-free vulnerability in the DevTools component of Google Chrome prior to version 147.0.7727.117. This memory corruption flaw could allow a remote attacker who has already compromised the renderer process to potentially ...

March 16, 2026 - A remote attacker can lure a user to a malicious webpage that triggers the bug, corrupts memory, and potentially achieves code execution in the browser context. Skia is an open source 2D graphics library used not only in Google Chrome but also ...

April 22, 2026 - The prompt-injection vulnerability in the agentic AI product for filesystem operations was a sanitization issue that allowed for sandbox escape and arbitrary code execution. ... Google has fixed a critical flaw in its agentic integrated developer environment (IDE) Antigravity that led to sandbox escape and remote code execution (RCE) after researchers created a proof of concept (PoC) prompt injection attack ...

Security vulnerabilities related to Google : List of vulnerabilities affecting any product of this vendor

April 3, 2026 - Updated April 3: Following confirmation by Google that CVE-2026-5281, a new Chrome web browser zero-day vulnerability, is already being exploited in the wild, this article has now been update to include information on 20 other vulnerabilities ...

This is the place to report security vulnerabilities found in any Google or Alphabet (Bet) subsidiary hardware, software, or web service. This includes reporting to the Google VRP as well as many other VRPs such as Android, Cloud, Chrome, ChromeOS, Chrome Extensions, Mobile, Abuse, and OSS.

1 week ago - Google's latest Chrome update fixes 74 security vulnerabilities, including one under active attack.