Latest Google Cyber Alerts

A secure web is here to stay

On February 8, 2018

Posted by Emily Schechter, Chrome Security Product ManagerFor the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”. Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”.In Chrome 68, the omnibox will display “Not secure” for aRead more

Vulnerability Reward Program: 2017 Year in Review

On February 7, 2018

Posted by Jan Keller, Google VRP Technical Pwning MasterAs we kick-off a new year, we wanted to take a moment to look back at the Vulnerability Reward Program in 2017. It joins our past retrospectives for 2014, 2015, and 2016, and shows the course our VRPs have taken.At the heart of this blog post is a big thank you to the security research community. You continue to help make Google’s users and our products more secure. We looking forward to continuing our collaboration with the community in 20Read more

Announcing turndown of the deprecated Google Safe Browsing APIs

On January 24, 2018

Posted by Alex Wozniak, Software Engineer, Safe Browsing TeamIn May 2016, we introduced the latest version of the Google Safe Browsing API (v4). Since this launch, thousands of developers around the world have adopted the API to protect over 3 billion devices from unsafe web resources.Coupled with that announcement was the deprecation of legacy Safe Browsing APIs, v2 and v3. Today we are announcing an official turn-down date of October 1st, 2018, for these APIs. All v2 and v3 clients must transiRead more

Android Security Ecosystem Investments Pay Dividends for Pixel

On January 17, 2018

Posted by Mayank Jain and Scott Roberts, Android security team[Cross-posted from the Android Developers Blog]In June 2017, the Android security team increased the top payouts for the Android Security Rewards (ASR) program and worked with researchers to streamline the exploit submission process. In August 2017, Guang Gong (@oldfresher) of Alpha Team, Qihoo 360 Technology Co. Ltd. submitted the first working remote exploit chain since the ASR program's expansion. For his detailed report, Gong wasRead more

More details about mitigations for the CPU Speculative Execution issue

On January 4, 2018

Posted by Matt Linton, Senior Security Engineer and Pat Parseghian, Technical Program ManagerYesterday, Google’s Project Zero team posted detailed technical information on three variants of a new security issue involving speculative execution on many modern CPUs. Today, we’d like to share some more information about our mitigations and performance.In response to the vulnerabilities that were discovered we developed a novel mitigation called “Retpoline” -- a binary modification technique that proRead more

Today's CPU vulnerability: what you need to know

On January 3, 2018

Posted by Matt Linton, Senior Security Engineer and Pat Parseghian, Technical Program Manager[Google Cloud, G Suite, and Chrome customers can visit the Google Cloud blog for details about those products][For more technical details about this issue, please read Project Zero's blog post]Last year, Google’s Project Zero team discovered serious security flaws caused by “speculative execution,” a technique used by most modern processors (CPUs) to optimize performance.The Project Zero researcher, JannRead more

Securing communications between Google services with Application Layer Transport Security

On December 13, 2017

Posted by Cesar Ghali and Julien Boeuf, Engineers on the Security & Privacy TeamAt Google, protection of customer data is a top priority. One way we do this is by protecting data in transit by default. We protect data when it is sent to Google using secure communication protocols such as TLS (Transport Layer Security). Within our infrastructure, we protect service-to-service communications at the application layer using a system called Application Layer Transport Security (ALTS). ALTS authenRead more

Additional protections by Safe Browsing for Android users

On December 1, 2017

Posted by Paul Stanton and Brooke Heinichen, Safe Browsing TeamUpdated on 12/14/17 to further distinguish between Unwanted Software Policy and Google Play Developer Program PolicyIn our efforts to protect users and serve developers, the Google Safe Browsing team has expanded enforcement of Google's Unwanted Software Policy to further tamp down on unwanted and harmful mobile behaviors on Android. As part of this expanded enforcement, Google Safe Browsing will show warnings on apps and on websitesRead more

Tizi: Detecting and blocking socially engineered spyware on Android

On November 27, 2017

Posted by Anthony Desnos, Megan Ruthven, and Richard Neal, Google Play Protect security engineers and Clement Lecigne, Threat Analysis GroupGoogle is constantly working to improve our systems that protect users from Potentially Harmful Applications (PHAs). Usually, PHA authors attempt to install their harmful apps on as many devices as possible. However, a few PHA authors spend substantial effort, time, and money to create and install their harmful app on a small number of devices to achieve a cRead more

Lock it up! New hardware protections for your lock screen with the Google Pixel 2

On November 14, 2017

Posted by Xiaowen Xin, Android Security TeamThe new Google Pixel 2 ships with a dedicated hardware security module designed to be robust against physical attacks. This hardware module performs lockscreen passcode verification and protects your lock screen better than software alone.To learn more about the new protections, let’s first review the role of the lock screen. Enabling a lock screen protects your data, not just against casual thieves, but also against sophisticated attacks. Many AndroidRead more

loading