-
Google adds Android intrusion logging to help investigate spyware attacks
Google introduced an opt-in Android intrusion logging feature for suspected spyware cases. The encrypted logs are stored for 12 months, can be downloaded by users, and are rolling out to devices with the Android 16 December update and later.
-
Google expands Android binary transparency to verify apps and modules
Google has expanded Android binary transparency for production apps and Mainline modules released after May 1, 2026, adding a public cryptographic ledger meant to confirm that device software matches what was intended to ship.
-
Google patches critical Gemini CLI flaw that could allow remote code execution
Google fixed a critical Gemini CLI flaw that could let attackers execute commands on host systems in headless CI workflows. The issue affected specific npm and GitHub Actions versions and required explicit folder trust after the update.
-
Google patched Antigravity sandbox escape bug after prompt injection research
Google fixed an Antigravity vulnerability after researchers said prompt injection could combine with a file-creation capability to bypass secure mode and enable remote code execution in the AI developer tool.
-
Google adds Rust-based DNS parser to Pixel modem firmware
Google has added a Rust-based DNS parser to Pixel 10 modem firmware, saying the change lowers risk in a sensitive part of cellular communications and reduces exposure to memory-safety vulnerabilities.
-
Three former Google engineers indicted over alleged trade secret theft, files reportedly sent to Iran
Three San Jose residents, including two former Google engineers, were indicted on charges of stealing trade secrets related to processor security and cryptography and transferring files to unauthorized locations including Iran, the Justice Department said.
-
Google patches Chrome flaw in ANGLE library that is being actively exploited
Google released Chrome security updates on Dec. 11 that fix three vulnerabilities, including a high-severity flaw in the ANGLE graphics library tracked as Chromium issue 466192044 and reported to be exploited in the wild; users should update to the latest 143.0.7499 builds.
-
Google issues December Android security updates, patches 107 flaws including two exploited in the wild
Google released December 2025 Android security patches that fix 107 vulnerabilities across multiple components, including two Framework flaws reported as exploited in the wild; users and manufacturers are urged to apply the 2025-12-01 or 2025-12-05 updates.
-
Google issues Chrome security update for actively exploited V8 bug
Google released Chrome updates to fix two V8 type confusion vulnerabilities, including CVE-2025-13223 which is being actively exploited; users should update to the listed Chrome versions and other Chromium-based browser vendors should apply fixes when available.
-
Google AI agent Big Sleep credited with finding five WebKit bugs in Safari; Apple issues patches
Apple credited Google’s AI agent Big Sleep with finding five WebKit vulnerabilities affecting Safari that could cause crashes or memory corruption; Apple issued patches in iOS 26.1, macOS Tahoe 26.1, tvOS 26.1, watchOS 26.1, visionOS 26.1 and Safari 26.1 and urged users to update.
