Google fixes major Gmail bug seven hours after exploit details go public

silversurfer

Google has patched on Wednesday a major security bug impacting the Gmail and G Suite email servers.
The bug could have allowed a threat actor to send spoofed emails mimicking any Gmail or G Suite customer.

According to security researcher Allison Husain, who found and reported this issue to Google in April, the bug also allowed attackers to pass the spoofed emails as compliant with SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting, and Conformance), two of the most advanced email security standards.

However, despite having 137 days to fix the reported issue, Google initially delayed patches past the disclosure deadline, planning to fix the bug somewhere in September.
Google engineers changed their mind yesterday after Husain published details about the bug on her blog, including proof-of-concept exploit code. [...]
 

plat

I thought something was "off" when this obvious (to me) phishing email made it to my Inbox. This would have been zapped by the spam filter otherwise. Whether it's related to the above vulnerabilities is anyone's guess but the timing is right.

Taking advantage of the COVID stay-at-home situation, no doubt. :mad:

phishing email.PNG
 
