- Google released March 2026 Android update that fixes 129 bugs
- Includes 10 critical bugs and CVE-2026-21385 (7.8/10), exploited in the wild on 235 Qualcomm chipsets
- Two patch levels were issued (2026-03-01, 2026-03-05); Pixel devices patched first, OEM launch expected later
Google has released a new security update that fixed 129 vulnerabilities in the Android ecosystem, including 10 critical severity bugs and one high severity issue that is apparently being exploited in the wild.
In a security advisory, Google said it had fixed a buffer over-read vulnerability in the graphics component (an open source Qualcomm module). The bug, tracked as CVE-2026-21385, received a severity score of 7.8/10.
“Memory corruption by adding user-supplied data without checking available buffer space,” Qualcomm said in a separate advisory.
Two sets of patches
This bug, Google said, was used in real-life attacks: “There are indications that CVE-2026-21385 may be under limited and targeted exploitation,” it said. Other details were not shared. Qualcomm said the bug was first detected on December 18, while customers were notified on February 2. It affects 235 chipsets.
Google also addressed 10 vulnerabilities in system, framework, and kernel components, which were labeled as critical and could theoretically be used in remote code execution attacks, privilege escalation attacks, and DoS attacks.
“The most serious of these issues is a critical security vulnerability in the system component that could lead to remote code execution without the need for additional execution privileges. No user interaction is required for exploitation,” Google emphasized.
To fix the flaws, the company released two separate patches: 2026-03-01 and 2026-03-05. The second contains a fix for all 129 bugs, as well as fixes for closed source kernel and third-party subcomponents.
Given the fragmentation of the Android ecosystem, it may take some time before most devices receive patches. OEMs, such as Samsung, OnePlus or Xiaomi, now need to take these patches and incorporate them into their products and their patch cadence. Pixel devices are expected to be the first to receive these patches as they are directly a Google product.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
