Google is mulling to release a patch in the next few weeks to fix a security flaw in its “Home” smart speaker and Chromecast TV streaming stick that lets a website collect precise user location data, the media reported.
According to a report by security reporter Brian Krebs, the flaw, disclosed by researcher Craig Young at a security firm named Tripwire, works by exploiting a loophole in Google’s systems to cross-check a list of nearby wireless networks with Google’s precise geo-location look-up services.
Google confirmed the same day that it plans to patch the issue in July, the CNET reported late on Monday.
“Young found he could use the web browser on a computer as a stepping stone to reach a Chromecast or Google Home smart speaker that was connected to the same router. In his test, he was able to harvest information about his own location from his Chromecast,” the report added.
The fix for the bug is expected to arrive sometime in the middle of July.