- The new advisory details of Google 62 vulnerabilities
- Some of them are considered critical, and for some no user interaction is required
- At least two defects were being actively abused in nature
Google launched a new update for Android, which addresses more than 60 vulnerabilities. Among them there are two that are being actively exploited in nature, and some with a classification of critical gravity.
In a security notice published in the Android blog, Google said there are indications that two failures “can be low limited and specific exploitation.”
Vulnerabilities are tracked as CVE-2024-53150 and CVE-2024-53197 and are now a paveled. According to Amnesty International, the latter was used at the end of last year to enter the Android phone of a Serbian youth activist, after being chained with two additional defects.
Aimed at protesters
In Serbia, protests against the government have been disaster for months, after an eaves at a railway station collapsed, killing 16 people. The students of the country, leading the protests, demanded the release of all documents related to the renewal of the Novi Sad train station. They believe that making public these documents will shed light on any corruption or negligence involved in the project.
In total, Google set 62 failures. While there is no evidence that the rest is being abused in nature, there are still some dangerous that justify a fast patch.
“The most severe of these problems is a critical vulnerability of security in the system component that could lead to a remote climbing of privileges without the need for additional execution privileges,” Google warned.
“User interaction is not necessary for exploitation. The evaluation of gravity is based on the effect that exploit vulnerability would possibly have on an affected device, assuming that the platform and mitigation of the service are deactivated for development purposes or if they are omitted successfully.”
In total, there are three defects that were labeled as critics: CVE-2025-22429, CVE-2025-26416 and CVE-2025-22423.
Through The hacker news
