Summary

  • A recent vulnerability left users’ Google account details exposed while using a public Android TV setup, but Google has since released an update to fix this.
  • Google explained that a sideloaded version of Chrome won’t automatically use login tokens from Google accounts, thereby protecting sensitive information.
  • A YouTuber first brought this security flaw to the world’s attention back in January, with Google initially saying this was intended behavior, only to acknowledge and fix the problem later.



An Android TV vulnerability first discovered earlier this year made the news last week following an extensive report by 404 Media. Simply put, this flaw could expose your sensitive Google account details, including your Gmail inbox, when you sign in to your Google account on a public Android TV setup, such as one at a hotel or similar establishment. Google has since confirmed that it has already sent out an update to fix this bug on Google TV and Android TV devices, but we’re now getting more details on what the company has done to curb this potentially damaging security exploit.



In a statement to 9to5Google, the company said that a sideloaded version of the Chrome browser won’t automatically use the login token from a user’s Google account in apps like Drive or Gmail. Google also told 9to5 that this bug fix is reaching Google TV and Android TV devices through an app update, which, as 9to5Google points out, means that even older hardware can be protected from this particular loophole.


What took Google so long to respond?



For a bit of background, this particular flaw with Android TV was first disclosed by YouTuber Cameron Gray way back in January. Gray warned users against signing in to their Google accounts using a hotel or BnB’s Android TV unit, citing the potential security concerns. The issue then reached the office of Senator Ron Wyden (OR), a member of the Senate Select Committee on Intelligence. Google initially told the Senator’s office that this vulnerability was expected behavior, per the 404 Media report that was published this past Thursday.


Google only took this issue more seriously after the publication reached out for a comment, later saying, “Most Google TV devices running the latest versions of software already do not allow this depicted behavior,” adding that the company would issue a fix for other devices. Although this particular vulnerability should be widely fixed by now, it raises the question of why Google didn’t take this issue seriously when it was first made public in January.