Google is amending its patch reward program to provide up-front financial support for open source projects that need money to make security improvements.
Google will limit the ability of LSA to access G Suite accounts starting in June, to protect users from account hijacking attempts. The change is to encourage using apps that rely on OAuth 2.0.
Google has integrated its Password Checkup functionality into Chrome 79 to warn when people use compromised credentials.
Many versions of Android, including Android 10, have a weakness dubbed StrandHogg that can lead to credential phishing and other malicious actions.
Google is now offering a top bounty of $1 million for a full chain remote code execution exploit that gains persistence on the Titan M chip on Pixel phones.