Google has fixed a major security issue affecting Gmail and G Suite mail servers.
The bug could allow an attacker to send fakes messages that mimic any Gmail or G Suite client.
According to security researcher Allison Husain, who found and reported the problem to Google in April, the bug also allowed attackers to deliver spoofed email messages compliant with SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting, and Conformance ), two of the most advanced email security standards.
However, despite the fact that Google had 137 days to fix the problem, it delayed the updates, planning to fix the error sometime in September.
Google engineers changed their minds yesterday when Husain published details for the error in her blog, along with a PoC.
Seven hours after the publication, Google told Husain that it had developed a patch to block any attacks that leverage the reported issue, but work will be completed with final updates in September.
The Google patch has already been applied to the server, which means that Gmail and G Suite users need to do nothing.