We encourage anybody who manages environments containing Log4j 2 to replace to the newest model.
Based mostly on findings in our ongoing investigations, right here is our listing of product and repair updates as of December seventeenth (CVE-2021-44228 & CVE-2021-45046):
Android just isn’t conscious of any impression to the Android Platform or Enterprise. Presently, no replace is required for this particular vulnerability, however we encourage our prospects to make sure that the newest safety updates are utilized to their units.
Chrome OS releases and infrastructure should not utilizing variations of Log4j affected by the vulnerability.
Chrome Browser releases, infrastructure and admin console should not utilizing variations of Log4j affected by the vulnerability.
Google Cloud has a particular advisory devoted to updating prospects on the standing of GCP and Workspace services and products.
Google Advertising and marketing Platform, together with Google Adverts just isn’t utilizing variations of Log4j affected by the vulnerability. This consists of Show & Video 360, Search Adverts 360, Google Adverts, Analytics (360 and free), Optimize 360, Surveys 360 & Tag Supervisor 360.
YouTube just isn’t utilizing variations of Log4j affected by the vulnerability.
We are going to proceed to replace this advisory with the newest info.
