The company confirmed that it is developing a fix for the authentication failure caused by the March 9, 2025, expiration of the Chromecast ICA 3 intermediate certificate authority, critical for SSL/TLS device validation. When it expired, Google’s clients—including Chrome, Android’s Cast SDK, and the Google Home app—began rejecting connections, triggering sscr-s4010-2203-2280-g (“Untrusted device”) errors during setup or casting attempts. A critical security flaw in Apache Camel's header validation mechanism allows attackers to execute arbitrary system commands by exploiting case-sensitive header injection. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Kaaviya is a Security Editor and fellow reporter with Cyber Security News. Google has not confirmed if these workarounds will conflict with its upcoming fix, expected to involve patching Play Services, Chrome, and Home app builds to whitelist the expired CA. While unofficial clients like VLC remain unaffected, Google’s enforcement of strict CASTV2 protocol authentication has bricked official integrations. Newer Chromecast with Google TV and Ultra models remain unaffected due to updated certificate chains. As users migrate to alternatives like the $20 ONN 4K Streamer, the outage underscores the need for modular, user-replaceable authentication frameworks in connected devices. She is covering various cyber security incidents happening in the Cyber Space. Google has not provided a timeline for resolution but is likely prioritizing server-side updates to minimize dependency on OEM firmware patches.
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 12 Mar 2025 07:10:28 +0000