Google Ads and Google Marketing Platform are not using versions of Log4j affected by the CVE-2021-44228 vulnerability, the company announced on Monday. 

Why we care

Although Google Ads and Google Marketing Platform aren’t using vulnerable versions of Log4j, marketers that have built their own API integrations with any of the Google APIs should ensure that whatever they are using isn’t affected by the CVE-2021-44228 vulnerability.

Additionally, if you are using an Ads API Client Library and Apache Log4j versions 2.0 to 2.14.1, you should upgrade to the patched version 2.15.0, Google said on its developer blog.

More on the news

• “Our security teams are investigating any potential impact on Google products and services and are focused on protecting our users and customers,” Google said.
• The flaw, which was discovered on December 9, may allow hackers to attack unpatched Apache servers in order to take control of a system.
• “To be clear, this vulnerability poses a severe risk,” Jen Easterly,  director of the U.S. Cybersecurity and Infrastructure Security Agency, said in a statement, “We will only minimize potential impacts through collaborative efforts between government and the private sector. We urge all organizations to join us in this essential effort and take action.”