Google has released its Android Security Bulletin for March with patches for 129 vulnerabilities, one of which is a zero-day flaw in a Qualcomm display component that may be under “targeted, limited exploitation.”
The latest update also fixes 10 critical severity bugs across Android components. CVE-2026-0006 is a remote code execution vulnerability in the System component that attackers could exploit with no additional privileges or user interaction. CVE-2025-48631 is a denial-of-service flaw in System, while CVE-2026-0047 is an escalation of privilege vulnerability in Framework. There are seven critical escalation of privilege flaws being patched in Kernel components.
Google is also addressing issues in Qualcomm, MediaTek, Arm, Misc OEM, Unisoc, and Imagination Technologies components, which may not affect all Android devices.
One zero-day patched
The zero-day patched with this security update is as an integer overflow or wraparound in a Qualcomm Graphics subcomponent that allows local attackers to trigger memory corruption. The vulnerability—labeled
...Keep reading this article on Life Hacker.
