It took Google about four months to close one of the dangerous flaws in Gmail e-mail that was allowing hackers to send phishing messages that appeared to be emanating from the user.
The security researcher Allison Husain had discovered the flaw in the e-mail service on the first of last April and informed Google about it, which was able to close it yesterday in conjunction with the suspension of some of its services around the world.
The vulnerability allows the user to deceive and deceive him that the email he received was actually from any other Gmail or GSuite user. This means that hackers can bypass several techniques that protect users from falling victim to such practices.
Google has several security techniques based on comparing the sender’s IP address with a list of previously approved addresses, and if its address is mentioned within that list, it is allowed for messaging, especially for GSuite users.
It is surprising that Google has not given the utmost importance to this serious security vulnerability that allows bypassing two of the most important security and protection standards for e-mail. According to the sources, the company closed the loophole after seven hours of spreading its details to the public, that is, 137 days after it was informed of it, and the company was planning to delay it until September.