If you're talking about the incident described in the article, it says it was a flaw in "a popular open-source, web-based system administration tool".

Google's blog (https://cloud.google.com/blog/topics/threat-intelligence/ai-...) says Google "worked with the impacted vendor to responsibly disclose this vulnerability", so in this incident, it's not Google software.