Google released March 2026 Android security updates addressing 129 vulnerabilities, including an actively exploited zero-day in a Qualcomm display component (CVE-2026-21385). Qualcomm says the flaw is an integer overflow in the graphics subcomponent affecting 235 chipsets, and Google also patched 10 other critical System, Framework, and Kernel vulnerabilities across two patch levels. #CVE-2026-21385 #Qualcomm
Keypoints
- Google patched 129 Android vulnerabilities in the March 2026 bulletin.
- CVE-2026-21385 is reportedly under limited, targeted exploitation and affects a Qualcomm display graphics component.
- Qualcomm identifies the issue as an integer overflow that can lead to memory corruption and impacts 235 chipsets.
- Ten critical System, Framework, and Kernel flaws were fixed that could enable remote code execution, privilege escalation, or denial-of-service.
- Patches were released as 2026-03-01 and 2026-03-05 levels; Pixel devices receive updates immediately while other vendors may delay deployment.