"Security Researchers Discover 22 Issues in Google One VPN"

The Google One Virtual Private Network (VPN) service is now available to Google One Premium members in over 20 countries. During the summer, NCC Group, an information assurance firm, conducted a security assessment of the Google One VPN service and discovered 22 flaws. Researchers discovered three medium-severity issues, ten low-severity issues, and nine informational observations. The most notable discovery was related to the Windows application's requirement to be executed with administrator privileges. Although NCC Group found no software vulnerabilities in this application, NCC stated in its report that potentially insecure coding practices could result in a privilege escalation attack. During the retest, Google resolved the issue, and the application is now executed with user privileges. The other two medium-risk discoveries were in the login process of both Windows and macOS applications, which would allow local malicious applications to deny the service's availability or obtain the OAuth token sent after a successful login by manipulating local ports temporarily opened by the applications during the login process. This article continues to discuss findings from the security assessment of the Google One VPN service.

Cybernews reports "Security Researchers Discover 22 Issues in Google One VPN"