Google may have been later to the smart home game but they have certainly made massive strides, however along the way there have been some bugs and earlier this year, a researcher by the name of Craig Young discovered an authentication “weakness” within the software of Google Home and Chromecast devices.
This weakness can be exploited and can reveal your specific location accurate to within a few feet by Google’s geolocation lookup services.
An attacker does not need to be on the same network as you as long as you are on the same same Wi-Fi or wired network as a Google Chromecast or Home device they can send you a link to click on which needs to remain open for about a minute before the attacker has your location. The attack content could be contained within malicious advertisements or even a tweet.
When Young contacted Google back in May they marked this issue as intended behaviour, however, the company has since changed its position. Now, the company plans to push an update to Google Home and Chromecast devices in mid-July which should fix the problem.