The bugs could allow criminals to listen in on private calls without the target's knowledge
The bug makes GitHub Action's workflow commands vulnerable to injection attacks, according to researchers
Hackers are exploiting the vulnerability, in combination with a separate Chrome bug, to launch attacks
Google will now wait for at least 90 days before disclosing bug details