Affiliate links on Android Authority may earn us a commission.Learn more.
Google to shut down location revealing Chromecast and Google Home bug… in a month
July 12, 2025
Google has reportedly promised to fix a vulnerability in itsChromecast devicesandGoogle Home speakersthat could let attackers discover the location of users. According toKrebs on Security(viaThe Verge), Google will fix the problem with an update in mid-July.
The attack itself was found by security researcher Craig Young of security firm Tripwire. Attackers can exploit security weaknesses in Chromecasts and Google home speakers to get a list of nearby wireless networks. These can then be cross-checked using Google’s location services toget an accurate location.
In testing, Young said he was able to consistently get a position within 10 meters of the device. This compares to a location two miles away when he tried to geolocate his IP address.
Young also said the attack can be done completely remotely as long as the attacker can get the victim to open a malicious link while connected to the same network as the device. The link would then need to stay open for around a minute. You can see how quickly it can be achieved in the video below.
Young pointed out that the attack opens up the possibility of more realistic phishing or extortion attempts. While many people are used to anonymous — and often unspecific — email scams, attackers could use precise location information to make them all-the-more convincing (and dangerous).
It’s common advice but it’s worth saying again: avoid opening links you don’t understand or trust when you’re online. If you want to know more about IoT security, then you cancheck out our guide by clicking here.
Next up:Google Home Chromecast support – how it works, and what you need
Thank you for being part of our community. Read ourComment Policybefore posting.
