Google plans to release a patch sometime in the next few weeks to fix a bug in its Home smart speaker and Chromecast TV streaming stick that lets a website collect precise user location data, according to a report from security reporter Brian Krebs. The bug, disclosed by researcher Craig Young at security firm Tripwire, works by exploiting a loophole in Google’s systems to cross-check a list of nearby wireless networks with Google’s precise geolocation look-up services.
Essentially, by using the location gleaned by nearby Wi-Fi networks through a Google Home or Chromecast, a malicious website can triangulate a user’s location. And because those devices rarely require authentication from third parties to receive data on local networks,...