They would also have logs of any further attempts to exploit the vulnerability after it was found. I haven't seen anyone mention that. Although it's still no definitive proof, it can be useful corroborating evidence. (I left Google years ago, so I have no insider knowledge about the issue.)