Google vendor security report

Security & Breach News (last 12 months)

• Google Is Paying Android Phone Owners $135 Million. Learn Why and Who's Eligible

  Google settled a class-action lawsuit for $135 million over allegations that Android devices transferred user information to Google without explicit permission. This represents a confirmed regulatory/legal action regarding data collection practices rather than an active security breach.

  CNETMay 2, 2026

  medium
• You could get paid from Google’s Android data lawsuit

  Google agreed to a $135 million settlement resolving claims that Android devices consumed cellular data in the background without explicit user permission. This regulatory/legal action represents a significant compliance issue involving unauthorized data usage practices.

  Fox NewsMay 2, 2026

  medium
• Google Chrome Multiple Vulnerabilities

  Multiple vulnerabilities were identified in Google Chrome that could allow remote attackers to execute code. This is a confirmed vulnerability affecting Google's Chrome browser product.

  Hong Kong Computer Emergency Response Team Coordination CentreMay 2, 2026

  high
• Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

  Google patched a critical CVSS 10.0 remote code execution vulnerability in Gemini CLI versions below 0.39.1 that could be exploited in CI/CD workflows. The fix required Google to implement mandatory explicit workspace trust to prevent unauthorized code execution.

  The Hacker NewsMay 2, 2026

  high
• Alabama Android users could get cash from Google data lawsuit. Here's how

  Google agreed to a $135 million settlement in a lawsuit brought by Alabama Android users alleging that Google enabled phones to use cellular data without user consent. This represents a regulatory/legal action related to data usage practices rather than a security breach.

  Montgomery AdvertiserMay 2, 2026

  medium