Android Receives Critical Patches for Qualcomm Zero-Day Vulnerability Exploited in Recent Attacks
Google Addresses Critical Zero-Day Vulnerability in Qualcomm Display Component
Google has addressed a critical zero-day vulnerability in a Qualcomm display component that is actively being exploited in targeted attacks. The flaw, tracked as CVE-2026-21385, is an integer overflow or wraparound issue in the Graphics subcomponent that can be triggered by local attackers to cause memory corruption.
Qualcomm Notification and Advisory
Qualcomm revealed that it was notified of the high-severity vulnerability on December 18 and subsequently alerted customers on February 2. According to the company’s security advisory, the flaw affects 235 Qualcomm chipsets.
Google Security Updates
Google has released security updates to patch the vulnerability as part of its March 2026 Android Security Bulletin. The updates also address 128 other Android security vulnerabilities, including 10 critical issues in the System, Framework, and Kernel components that could be exploited by attackers to gain remote code execution, elevate privileges, or trigger denial-of-service conditions.
Severity of Vulnerabilities
The most severe of these critical vulnerabilities is a flaw in the System component that could allow remote code execution without requiring additional execution privileges or user interaction. Google has issued two sets of patches, the 2026-03-01 and 2026-03-05 security patch levels, with the latter including fixes for closed-source third-party and kernel subcomponents.
Device Updates and Security Prioritization
While Google Pixel devices have already received the security updates, other vendors may take longer to test and deploy the patches due to varying hardware configurations. This is not the first time Google has addressed actively exploited zero-day vulnerabilities in Android. In December, the company patched two other high-severity zero-day flaws, CVE-2025-48633 and CVE-2025-48572, which were also tagged as “under limited, targeted exploitation.”
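Because vendors ship these updates on different schedules, a fleet owner can sort devices by the patch level each one reports. The following is an added example, not code from Google or Qualcomm: it classifies the value of the `ro.build.version.security_patch` system property (readable with `adb shell getprop`) against the two patch levels named above. The device names and inventory are constructed sample data.

```python
import re
from datetime import date

# Patch levels named in the March 2026 Android Security Bulletin.
BASELINE = date(2026, 3, 1)  # 2026-03-01 level
FULL = date(2026, 3, 5)      # 2026-03-05 adds closed-source third-party and kernel fixes
_FORMAT = re.compile(r"\d{4}-\d{2}-\d{2}")


def classify(patch_level):
    """Map a reported patch level string (YYYY-MM-DD) to a triage bucket."""
    if not isinstance(patch_level, str) or not _FORMAT.fullmatch(patch_level.strip()):
        return "unknown"          # property missing, empty or malformed
    try:
        level = date.fromisoformat(patch_level.strip())
    except ValueError:            # right shape, impossible date (e.g. 2026-13-40)
        return "unknown"
    if level >= FULL:
        return "full"
    if level >= BASELINE:
        return "partial"          # lacks the fixes the 2026-03-05 level adds
    return "unpatched"


def triage(inventory):
    """Group device ids by bucket; inventory maps device id -> reported level."""
    buckets = {name: [] for name in ("full", "partial", "unpatched", "unknown")}
    for device, level in inventory.items():
        buckets[classify(level)].append(device)
    return buckets


def needs_follow_up(inventory):
    """Devices that have not reached the 2026-03-05 level, sorted by id."""
    buckets = triage(inventory)
    return sorted(buckets["partial"] + buckets["unpatched"] + buckets["unknown"])


# Constructed sample inventory (hypothetical device ids and values).
SAMPLE_INVENTORY = {
    "pixel-lab-01": "2026-03-05",
    "oem-a-tablet": "2026-03-01",
    "oem-b-phone": "2026-01-05",
    "kiosk-07": "",
}

if __name__ == "__main__":
    for name, devices in triage(SAMPLE_INVENTORY).items():
        print(f"{name:10s} {devices}")
```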
