Google has issued a security advisory for the upcoming Gmail release which could potentially allow remote attackers to decrypt the encryption keys used by Gmail users.
The issue was discovered by security researcher Johnathan Schmitt, who found a vulnerability in Gmail’s email encryption, and found that the flaw allowed remote attackers with a remote access key (RAK) to decrypt encrypted emails without using a user’s email password.
Schmitt posted the security advisory to Google’s developer portal, which is meant to help Google’s developers create new and improved security products.
This is not the first time Google has found vulnerabilities in its products.
In July, Google released a security update to address a vulnerability that allowed an attacker to decrypt email messages.
The security update was issued in response to security concerns over the vulnerability, which Google said could be exploited by “an attacker with a valid email address or an impersonator email address to obtain the same or other sensitive information.”
Google’s advisory also recommends that users disable the “email-encryption-only” setting from the settings menu in Gmail, and that users configure their Gmail passwords using the “Enter password” command line option.
This setting has been deprecated in favor of setting the user’s Gmail password in a more secure way.
The vulnerability affects Gmail users running the “default” configuration, which requires users to select a password for their Gmail account.
Gmail users that do not select a “default,” or do not configure their account to allow for email encryption should change the default setting to “email encryption-only.”
Users can also disable the email-encrypting-only setting in Gmail from within the Google Account Settings.