diff --git a/CHANGELOG.md b/CHANGELOG.md
index 33db8b10..1a7fce4d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,9 +1,19 @@
 ## v0.25.0 (WIP)
 
-- Added JSVM `new Timezone(name)` binding for constructing `time.Location` value ([#6219](https://github.com/pocketbase/pocketbase/discussions/6219)).
+- ⚠️ Upgraded Google OAuth2 auth, token and userinfo endpoints to their latest versions.
+    _For users that doesn't do anything custom with the Google account response or the `urlCallback`, this should be a non-breaking change. The exceptions that I could find are:_
+    - `/v3/userinfo` auth response changes:
+        ```
+        meta.rawUser.id             => meta.rawUser.sub
+        meta.rawUser.verified_email => meta.rawUser.email_verified
+        ```
+    - `/v2/auth` query parameters changes:
+        if you are specifying custom `approval_prompt=force` query parameter in the `urlCallback`, you'll have to replace it with `prompt=consent`
 
 - Upgraded to `golang-jwt/jwt/v5`.
 
+- Added JSVM `new Timezone(name)` binding for constructing `time.Location` value ([#6219](https://github.com/pocketbase/pocketbase/discussions/6219)).
+
 
 ## v0.24.2 (WIP)
 
diff --git a/tools/auth/google.go b/tools/auth/google.go
index f017cc4b..086cc97e 100644
--- a/tools/auth/google.go
+++ b/tools/auth/google.go
@@ -32,9 +32,9 @@ func NewGoogleProvider() *Google {
 			"https://www.googleapis.com/auth/userinfo.profile",
 			"https://www.googleapis.com/auth/userinfo.email",
 		},
-		authURL:     "https://accounts.google.com/o/oauth2/auth",
-		tokenURL:    "https://accounts.google.com/o/oauth2/token",
-		userInfoURL: "https://www.googleapis.com/oauth2/v1/userinfo",
+		authURL:     "https://accounts.google.com/o/oauth2/v2/auth",
+		tokenURL:    "https://oauth2.googleapis.com/token",
+		userInfoURL: "https://www.googleapis.com/oauth2/v3/userinfo",
 	}}
 }
 
@@ -51,11 +51,11 @@ func (p *Google) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) {
 	}
 
 	extracted := struct {
-		Id            string `json:"id"`
+		Id            string `json:"sub"`
 		Name          string `json:"name"`
-		Email         string `json:"email"`
 		Picture       string `json:"picture"`
-		VerifiedEmail bool   `json:"verified_email"`
+		Email         string `json:"email"`
+		EmailVerified bool   `json:"email_verified"`
 	}{}
 	if err := json.Unmarshal(data, &extracted); err != nil {
 		return nil, err
@@ -72,7 +72,7 @@ func (p *Google) FetchAuthUser(token *oauth2.Token) (*AuthUser, error) {
 
 	user.Expiry, _ = types.ParseDateTime(token.Expiry)
 
-	if extracted.VerifiedEmail {
+	if extracted.EmailVerified {
 		user.Email = extracted.Email
 	}