An unpatched security vulnerability affecting Google’s Compute Engine platform could be abused by an attacker to take over virtual machines over the network. The issue is a consequence of weak pseudo-random numbers used by the ISC DHCP client. Google has yet to roll out a patch, or provide a timeline for when the fix will be made available. Google was informed about the issue on Sept. 27, 2020, which has since acknowledged the report, describing it as a “nice catch” The issue was addressed by Google on Feb. 16, 2021.
Source: https://thehackernews.com/2021/06/unpatched-virtual-machine-takeover-bug.html