Google takes care of everything for us, including the hardware level, the OS, networking, and the application runtimes. A function deployed there on the GCF will run in an automatically managed platform. Each cloud function will be executed separately in a container-based isolation, which is a secure execution context. Running independently, each function will not interfere with others while sharing the same host. This is the same concept used by Docker and other container implementations.

At the time of writing, Google Cloud Functions chooses to support only JavaScript running on Node.js v6.11.5; however, the document says that they will keep the version of Node.js updated by going closely with the Long-Term Support (LTS) releases, as quickly as possible. We can be confident that all patch versions for security and minor updates of the Node.js runtime will match the upstream releases.

As previously mentioned, a cloud function is also put into a container. In the case of Google Cloud Functions, its root filesystem is based on Debian. The base image of GCF is updated regularly and available as Docker images. It could be pulled from gcr.io/google-appengine/nodejs. Here's the way the system prepares the base image by inheriting the image and installing Node.js version 6.11.5 to it:

FROM gcr.io/google-appengine/nodejs
RUN install_node v6.11.5