Critical vulnerabilities in Google Home and Google Nest - urgent update needed
Take action: While your Google Home and Google Nest devices can be compromised only by an attacker that's within the range of your Google Home/Nest wifi signal, it's still a serious issue. Patch immediately.
Learn More
Google's December 2023 security bulletin raises issues in their home automation products. This bulletin specifically targets two critical vulnerabilities in Google Home and Google Nest products:
- CVE-2023-48419 (CVSS3 score 10) poses a significant wifi eavesdropping threat, where an attacker within WiFi range of a Google Home device could potentially conduct unauthorized surveillance. This issue not only breaches privacy but also jeopardizes the security of personal data and the integrity of home networks.
- CVE-2023-6339 (CVSSv3 score 10) exposes Google Nest WiFi Pro devices to potential root code execution and the compromise of user data. Such a breach could lead to an attacker gaining unauthorized control over the device and accessing sensitive personal information, thereby posing a serious risk to user security.
Google has rolled out firmware version 2.58 to address the issues in the security framework of its Nest devices. This update is applicable to a broad spectrum of popular products, including Nest Audio, Nest Mini, Google Home Mini, and Google Home.