Google Patches Account Recovery Flaw That Exposed Users’ Phone Numbers

Removing the legacy no-JavaScript endpoint shuts down the brute-force attack chain that could have enabled SIM swap takeovers, safeguarding users’ accounts against unauthorized access.