
Google Gemini CLI workspace-trust hardening update

Security Patch Release
Happening score: 28
1 unique source, 1 article

Summary


Google released a Gemini CLI security update that changes workspace-trust handling for headless CI workflows, reducing the risk that untrusted folders can trigger host-system code execution. The patch applies to @google/gemini-cli < 0.39.1, @google/gemini-cli < 0.40.0-preview.3, and google-github-actions/run-gemini-cli < 0.1.22. Google also hardened --yolo mode tool allowlisting so workflows processing untrusted inputs are less likely to auto-run dangerous commands.

Related Happenings

Google expands Binary Transparency for Android for production app verification

Security Tool/Service
First: 06.05.2026 12:13 Last: 06.05.2026 12:13 Sources 1

About this happening: Google expanded **Binary Transparency for Android**, adding a public verification system that helps detect unauthorized or modified Google app binaries. The rollout covers product...

Google Antigravity prompt-injection fix

Security Patch Release
First: 21.04.2026 13:52 Last: 21.04.2026 13:52 Sources 1

About this happening: **Google** fixed **Antigravity**'s **prompt injection flaw** in **February**, closing a path that could lead to **sandbox escape** and **remote code execution (RCE)**. The patch f...

Google security patch release for CVE-2026-5858

Security Patch Release
First: 10.04.2026 13:44 Last: 10.04.2026 13:44 Sources 1

About this happening: **Google** released the first stable **Chrome 147** build, closing **60 vulnerabilities** and raising the browser’s baseline security ahead of broader deployment. The patch bundle...

Google Android Advanced Flow adds safer APK sideloading for unverified developers

Security Tool/Service
First: 21.03.2026 16:18 Last: 21.03.2026 16:18 Sources 1

About this happening: **Google** is rolling out **Advanced Flow** on **Android** to let power users sideload APKs from **unverified developers** with more friction and warnings, reducing the risk of **...

Chrome emergency zero-day patch (CVE-2026-3909, CVE-2026-3910)

Security Patch Release
First: 13.03.2026 08:56 Last: 13.03.2026 08:56 Sources 1

About this happening: **Google** pushed an **emergency Chrome update** for **Stable Desktop users** on **Windows, macOS, and Linux** after confirming **CVE-2026-3909** and **CVE-2026-3910** are **explo...

Latest development: 13.03.2026 11:17

Google discovers and reports CVE-2026-3909, an out-of-bounds write vulnerability in the Skia 2D graphics library, and CVE-2026-3910, an inappropriate implementation vulnerability in the V8 JavaScript and WebAssembly engine, on March 10, 2026; both issues are reachable via crafted HTML pages.

Timeline

  1. 30.04.2026 10:07 2 articles · 27d ago

    Google hardens Gemini CLI workspace trust

    Mitigation Patch Update

    Google hardened Gemini CLI by requiring folders to be explicitly trusted before configuration files can be accessed and by evaluating tool allowlisting under --yolo mode in version 0.39.1, reducing command-execution risk in headless CI workflows that process untrusted folders or inputs for @google/gemini-cli and google-github-actions/run-gemini-cli.
