An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege
The attacker must be within the physical range of the victim's Wi-Fi network. Without any privileges or user interaction, they are able to conduct an attack resulting in privilege escalation. The detailed technical mechanism has not been disclosed in the available description, however the full CVSS vector (AV:N/AC:L/PR:N/UI:N/S:C) indicates a vulnerability accessible remotely over the network, requiring no complicated conditions or prior privileges.
An attacker can obtain unauthorized elevated privileges on the device and spy on the victim — potentially gaining access to audio captured by the device's microphone. The vulnerability scope (Scope: Changed) suggests the possibility of exceeding the context of the device itself.
Apply patches available from the manufacturer according to references (Google support page: support.google.com/product-documentation/answer/14273332). Google Home devices typically update automatically — verify that devices have automatic software updates enabled.
Google Nest Audio (firmware), Google Nest Mini (firmware), Google Home Mini (firmware) — specific versions indicated in manufacturer references
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HGoogle Home
HWGooglewszystkie wersjeGoogle Home Firmware
OSGoogle< 2.58Google Home Mini
HWGooglewszystkie wersjeGoogle Home Mini Firmware
OSGoogle< 2.58Google Nest Audio
HWGooglewszystkie wersjeGoogle Nest Audio Firmware
OSGoogle< 2.58Google Nest Mini
HWGooglewszystkie wersjeGoogle Nest Mini Firmware
OSGoogle< 2.58
Related vulnerabilities
The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices...
The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding atta...
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Type confusion w V8 (Google Chrome/Edge) umożliwiający heap corruption
Type Confusion w V8 (Google Chrome) — RCE przez spreparowaną stronę HTML