
Gemini Live API Flaw Lets Attackers Inject Code Execution Through Unconstrained Tokens
A newly disclosed vulnerability affects web applications that build real-time voice features on Google’s Gemini Live API. Security Researcher Alvin Ferdiansyah found that the flaw stems not from a bug in Google’s code, but from a documentation-and-reference-implementation gap that leads developers to ship ephemeral tokens with no security constraints. Gemini Live API powers real-time voice […]
The post Gemini Live API Flaw Lets Attackers Inject Code Execution Through Unconstrained Tokens appeared first on Cyber Security News.