Google Cloud recently patched a privilege escalation vulnerability that could have allowed threat actors to gain access to sensitive information.
The vulnerability, discovered by researchers at Tenable, has been named ImageRunner because it impacts Cloud Run, a fully managed serverless platform that allows developers to deploy and run containerized applications directly on Google’s infrastructure.
Google Cloud told SecurityWeek that it notified Cloud Run customers about the vulnerability in November 2024, and fully deployed a security enhancement to address the issue on January 28, 2025.
According to Tenable, the ImageRunner vulnerability could have been exploited by an attacker who had certain permissions on the targeted user’s project to modify a Cloud Run service, which could enable them to access sensitive or proprietary images.
In the worst case scenario, an attacker could have leveraged the flaw to extract secrets from a private image and exfiltrate sensitive data, Tenable said.
The security firm has published technical details and described the steps for conducting an ImageRunner attack.
A Google Cloud spokesperson said the update rolled out to address ImageRunner “ensures Cloud Run deployments now include an IAM check to ensure the deployer has read access to the container image. Previously, an explicit IAM permission was checked only when deploying a container image from another Google Cloud project.”
Related: Security Firms Say Evidence Seems to Confirm Oracle Cloud Hack
Related: IngressNightmare Flaws Expose Kubernetes Clusters to Remote Hacking
Related: New AI Protection From Google Cloud Tackles AI Risks, Threats, and Compliance
