Google Looker security bulletin fix (multiple vulnerabilities)

Security Patch Release
Happening score
H score 10
2 unique sources, 2 articles

Summary

Google issued a security fix for Looker in GCP-2025-052 after Tenable Research disclosed LeakyLooker findings, a set of nine cross-tenant vulnerabilities in Looker Studio that could let attackers extract or manipulate sensitive cloud data. The flaws included 0-click attacks against report-owner credentials and 1-click attacks against viewer credentials, with potential impact across BigQuery, Spanner, PostgreSQL, MySQL, Google Sheets, and Cloud Storage. Because Looker Studio is a managed service, Google deployed the patches globally, and no customer action is required for that product; on-premises Looker customers must still update to a secure version from the bulletin.

Related Happenings

Google Gemini CLI workspace-trust hardening update

Security Patch Release
First: 30.04.2026 10:07 Last: 30.04.2026 10:07 Sources 1

About this happening: Google released a **Gemini CLI** security update that changes **workspace-trust handling** for **headless CI workflows**, reducing the risk that untrusted folders can trigger **ho...

Google Antigravity prompt-injection fix

Security Patch Release
First: 21.04.2026 13:52 Last: 21.04.2026 13:52 Sources 1

About this happening: **Google** fixed **Antigravity**'s **prompt injection flaw** in **February**, closing a path that could lead to **sandbox escape** and **remote code execution (RCE)**. The patch f...

Chrome emergency zero-day patch (CVE-2026-3909, CVE-2026-3910)

Security Patch Release
First: 13.03.2026 08:56 Last: 13.03.2026 08:56 Sources 1

About this happening: **Google** pushed an **emergency Chrome update** for **Stable Desktop users** on **Windows, macOS, and Linux** after confirming **CVE-2026-3909** and **CVE-2026-3910** are **explo...

Latest development: 13.03.2026 11:17

Google discovers and reports CVE-2026-3909, an out-of-bounds write vulnerability in the Skia 2D graphics library, and CVE-2026-3910, an inappropriate implementation vulnerability in the V8 JavaScript and WebAssembly engine, on March 10, 2026; both issues are reachable via crafted HTML pages.

Google Cloud environment entry vectors shift from credentials to third-party vulnerabilities in H2 2025

Target Trend
First: 10.03.2026 17:30 Last: 10.03.2026 17:30 Sources 1

About this happening: Threat actors targeting **Google Cloud environments** shifted in **H2 2025** from credential abuse to **unpatched third-party vulnerabilities**, materially changing initial-access...

Cloud environments third-party flaw exploitation wave

Exploitation Wave
First: 09.03.2026 23:45 Last: 09.03.2026 23:45 Sources 1

About this happening: **Threat actors** are rapidly weaponizing **newly disclosed third-party vulnerabilities** to reach **cloud environments**, compressing the exploitation window from weeks to days a...

Timeline

  1. 04.02.2026 13:00 3 articles · 3mo ago

    Tenable discloses Looker SQL injection and RCE flaws

    Initial Disclosure

    Tenable researcher Liv Matan disclosed two Looker flaws: a SQL injection path that could expose the internal database's secrets and configurations as CVE-2025-12743, and a chained RCE path that could run arbitrary code on a Looker server and enable lateral movement or cross-tenant access in cloud deployments. Google later fixed the issues and published secure versions in GCP-2025-052 for on-premises customers.
