Google released its monthly Android Security Bulletin, confirming that a high-severity vulnerability in a Qualcomm graphics component—tracked as CVE-2026-21385—has been actively exploited in the wild.
The flaw, classified as an integer overflow issue, affects Qualcomm’s Graphics/Display subcomponent. It occurs when user-supplied data is added without properly checking buffer limits, leading to memory corruption during allocation alignment. Rated 7.8 on the CVSS scale, the vulnerability is local, meaning attackers typically need initial access to the device through a malicious app or a chained exploit. While not a standalone remote code execution bug, it can help attackers bypass Android sandbox protections and act as a stepping stone for deeper system compromise or spyware deployment.
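The article does not show the affected code, so the following is an added, generic C illustration of the bug class it describes (an unchecked addition while rounding a caller-supplied size up to an alignment), not Qualcomm's driver code. The function names, the 32-bit size type and the 4096-byte alignment are assumptions chosen for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_ALIGN 4096u  /* assumed alignment, for illustration only */

/* Unchecked: rounds a caller-supplied size up to the alignment.
 * For sizes within (align - 1) of UINT32_MAX the addition wraps,
 * so a huge request turns into a tiny (here: zero) allocation size. */
uint32_t align_up_unchecked(uint32_t size, uint32_t align)
{
    return (size + align - 1u) & ~(align - 1u);
}

/* Checked: rejects invalid alignments and any size whose rounded-up
 * value cannot be represented, before doing the arithmetic. */
bool align_up_checked(uint32_t size, uint32_t align, uint32_t *out)
{
    if (align == 0 || (align & (align - 1u)) != 0)
        return false;                 /* not a power of two */
    if (size > UINT32_MAX - (align - 1u))
        return false;                 /* addition would wrap */
    *out = (size + align - 1u) & ~(align - 1u);
    return true;
}

int main(void)
{
    /* Constructed sample inputs, not values from any real device. */
    const uint32_t samples[] = { 1u, 4096u, 4097u, 0xFFFFF001u, 0xFFFFFFFFu };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t safe = 0;
        bool ok = align_up_checked(samples[i], PAGE_ALIGN, &safe);
        printf("size=0x%08x unchecked=0x%08x checked=%s",
               (unsigned)samples[i],
               (unsigned)align_up_unchecked(samples[i], PAGE_ALIGN),
               ok ? "ok" : "rejected");
        if (ok)
            printf(" (0x%08x)", (unsigned)safe);
        putchar('\n');
    }
    return 0;
}
```

If the wrapped value is used to size a buffer while the original size is used to fill it, the write runs past the allocation, which is the memory-corruption outcome the bulletin describes.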
Google’s Threat Analysis Group indicated the flaw may be under “limited, targeted exploitation,” language often associated with use by commercial spyware vendors or nation-state actors targeting high-value individuals.
The March update addresses 129 vulnerabilities in total. These include a critical remote code execution flaw (CVE-2026-0006, CVSS 9.8) in the System component and multiple elevation-of-privilege issues affecting the protected Kernel-Based Virtual Machine and hypervisor.
CVE-2026-21385 impacts 235 Qualcomm chipsets, spanning flagship Snapdragon 8 series to budget and specialized platforms. Users should verify they have installed the March 5, 2026 security patch level. Pixel devices receive updates promptly, while other Android devices may face rollout delays.



