According to a report by security reporter Brian Krebs, Google is currently working to fix a bug found in both the Home smart speaker and the Chromecast TV streaming stick.
The bug, discovered by Tripwire researcher Craig Young, is “an authentication weakness that leaks incredibly accurate location information about users,” Young spoke to Krebs about the bugs and it can be exploited to access users’ data, first explaining that one can ask a Google device about nearby devices and then send that list to Google’s geolocation lookup services. “An attacker can be completely remote as long as they can get the victim to open a link while connected to the same Wi-Fi or wired network as a Google Chromecast or Home device,” Young states.
The bug patch is expected to arrive this July.