Google Patches 130 Android Vulnerabilities, Including Exploited Zero-Day Google released its March 2026 Android security updates, addressing nearly 130 vulnerabilities one of which is an actively exploited zero-day. The flaw, tracked as CVE-2026-21385 (CVSS 7.8), affects the graphics component in over 200 Qualcomm chipsets, stemming from an integer overflow issue that could lead to memory corruption during memory allocation. Exploitation of the bug could allow attackers to bypass security controls and gain unauthorized system access, according to Jamf’s Adam Boynton. Qualcomm first received the report from Google’s Android Security team on December 18, 2025, notified customers on February 2, and publicly disclosed the vulnerability on March 3, 2026. Google’s security bulletin confirms limited, targeted exploitation in the wild, though no attack details were provided. Such vulnerabilities are frequently leveraged by commercial spyware vendors. The fixes are split across two patch levels: - 2026-03-01: Addresses over 50 vulnerabilities in the Framework and System components, including critical remote code execution (RCE) and denial-of-service (DoS) flaws. The most severe a System component bug could enable RCE without user interaction or additional privileges. - 2026-03-05: Resolves 60+ vulnerabilities in kernel, Arm, Imagination Technologies, MediaTek, Unisoc, and Qualcomm components, including CVE-2026-21385. Devices updated to 2026-03-05 or later are protected against all patched issues. Google also released fixes for two Wear OS vulnerabilities in its Framework and System components, incorporating all March Android security patches. No platform-specific updates were issued for Android Automotive OS or Android XR this month.

Qualcomm faced significant vulnerabilities within their Adreno GPU used in Android devices. Discovered by Google’s Android Red Team, these vulnerabilities could lead to full device control if exploited. Attackers could bypass application restrictions, accessing GPU drivers with deep kernel privileges. Although Qualcomm released patches to OEMs, the diffuse Android ecosystem could slow mitigation. This emphasizes GPUs as emerging security focal points, with their ubiquitous role in daily mobile device operations exposing them to potential widespread impact if leveraged by attackers.