https://thenextweb.com/security/2020/08/21/google-fixes-a-gmail-bug-that-couldve-let-attackers-spoof-emails/

While users were struggling to use Gmail‘s services yesterday for a long time, Google fixed a critical bug that might’ve let attackers send spoofed emails. It took Google a whopping 137 days to close the bug after security researcher Allison Husain first reported it to the company. 

Husain noted that the bug didn’t allow classic email spoofing where you can put any value in the sender’s field. But it could mimic any Gmail or GSuite user to send emails. The bug could also let attackers bypass protection protocols such as Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting and Conformance (DMARC) that protect you from spoofing.