You can find past Nest Security Bulletins in the archive.
This Nest Security Bulletin contains details of security vulnerabilities that previously affected Google Nest’s connected home devices. The vulnerabilities listed in this bulletin have been addressed. Devices start receiving (Over the Air) OTA updates the same month the bulletin is released.
Security Patches
Vulnerabilities are grouped under the device family group and component that they affect. There is a description of the issue and a table with the CVE, associated references, type of vulnerability, and severity.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard.
Home/Cast
Firmware version 1.56.3.
Firmware is the software installed on Google Nest or Home speaker or display. When a firmware update is available, your device will automatically download the update via an Over-the-Air (OTA) update.
Kernel
CVE | Type | Severity |
RCE |
Critical |
|
EoP |
High |
|
EoP |
High |
|
EoP |
High |
|
EoP |
High |
|
EoP |
High |
|
EoP |
High |
|
EoP |
High |
Cast
This section includes Chromium vulnerabilities in the cast component.
CVE | Type | Severity |
EoP |
Critical |
|
EoP |
Critical |
|
EoP |
Critical |
|
EoP |
Critical |
|
RCE |
High |
|
EoP |
High |
|
RCE |
High |
|
RCE |
High |
|
RCE |
High |
|
RCE |
High |
|
RCE |
High |
|
EoP |
High |
|
EoP |
High |
|
RCE |
High |
|
RCE |
High |
|
RCE |
High |
|
EoP |
High |
|
RCE |
High |
|
RCE |
High |
|
EoP |
High |
|
RCE |
High |
|
RCE |
High |
|
RCE |
High |
|
RCE |
High |
|
RCE |
High |
|
RCE |
High |
|
RCE |
High |
|
RCE |
High |
|
RCE |
High |
|
RCE |
High |
|
RCE |
High |
|
RCE |
High |
|
RCE |
High |
|
RCE |
High |
|
RCE |
High |
|
RCE |
Medium |
|
EoP |
Medium |
|
ID |
Medium |
|
ID |
Medium |
WLAN
CVE | Type | Severity |
EoP |
Critical |
|
ID |
Medium |
|
EoP |
Medium |
|
EoP |
Medium |
|
EoP |
Medium |
|
EoP |
Medium |
|
DoS |
Medium |
|
ID |
Medium |
MISC
CVE | Type | Severity |
ID |
High |
|
RCE |
High |
|
DoS |
High |
|
EoP |
High |
Common questions and answers
This section answers common questions that may occur after reading this bulletin.
1. How do I determine if my device is updated to address these issues?
Firmware is the software installed on Google Nest or Home speaker or display. When a firmware update is available, your device will automatically download the update via an Over-the-Air (OTA) update.
Find your device's firmware version
2. What do the entries in the Type column mean?
Entries in the Type column of the vulnerability details table reference the classification of the security vulnerability.
Abbreviation | Definition |
RCE | Remote code execution |
EoP | Elevation of privilege |
ID | Information disclosure |
DoS | Denial of service |
N/A | Classification not available |
Get help
Get answers from experts on the Google Nest Community or contact us.