Google Ads unaffected by Log4j vulnerability

However, if you are using an Ads API Client Library and Apache Log4j versions 2.0 to 2.14.1, you should upgrade to the patched version 2.15.0.

Chat with SearchBot

Google Ads and Google Marketing Platform are not using versions of Log4j affected by the CVE-2021-44228 vulnerability, the company announced on Monday. 

Why we care

Although Google Ads and Google Marketing Platform aren’t using vulnerable versions of Log4j, marketers that have built their own API integrations with any of the Google APIs should ensure that whatever they are using isn’t affected by the CVE-2021-44228 vulnerability.

Additionally, if you are using an Ads API Client Library and Apache Log4j versions 2.0 to 2.14.1, you should upgrade to the patched version 2.15.0, Google said on its developer blog.

More on the news

  • “Our security teams are investigating any potential impact on Google products and services and are focused on protecting our users and customers,” Google said.
  • The flaw, which was discovered on December 9, may allow hackers to attack unpatched Apache servers in order to take control of a system.
  • “To be clear, this vulnerability poses a severe risk,” Jen Easterly,  director of the U.S. Cybersecurity and Infrastructure Security Agency, said in a statement, “We will only minimize potential impacts through collaborative efforts between government and the private sector. We urge all organizations to join us in this essential effort and take action.” 

Opinions expressed in this article are those of the guest author and not necessarily Search Engine Land. Staff authors are listed here.


About the author

George Nguyen
Contributor
George Nguyen is the Director of SEO Editorial at Wix, where he manages the Wix SEO Learning Hub. His career is focused on disseminating best practices and reducing misinformation in search. George formerly served as an editor for Search Engine Land, covering organic and paid search.

Get the must-read newsletter for search marketers.