Apache Log4j Vulnerability (Google Online Security Blog)
Like many other companies, we’re closely following the multiple CVEs regarding Apache Log4j 2. Our security teams are investigating any potential impact on Google products and services and are focused on protecting our users and customers. We encourage anyone who manages environments containing Log4j 2 to update to the latest version. Based on findings in our ongoing investigations, here is our list of product and service updates as of December 17th (CVE-2021-44228 & CVE-2021-45046): Android is not aware of any impact to the Android Platform or Enterprise. At this time, no update is required for this specific vulnerability, but we encourage our customers to ensure that the latest security updates are applied to their devices. Chrome OS releases and infrastructure are not using versions of Log4j affected by the vulnerability. Chrome…