Google has shipped patches for 62 vulnerabilities, two of which it said have been exploited in the wild.
The two high-severity vulnerabilities are listed below:
- CVE-2024-53150 (CVSS score: 7.8) - An out-of-bounds flaw in the USB sub-component of Kernel that could lead to information disclosure
- CVE-2024-53197 (CVSS score: 7.8) - A privilege escalation flaw in the USB sub-component of Kernel
“The most severe of these issues is a critical security vulnerability in the System component that could lead to remote escalation of privilege with no additional execution privileges needed,” Google said in its monthly security bulletin for April 2025. “User interaction is not needed for exploitation.”

The tech giant also acknowledged that both the shortcomings may have come under “limited, targeted exploitation.”
It's worth noting that CVE-2024-53197 is rooted in the Linux kernel and was patched last year, alongside CVE-2024-53104 and CVE-2024-50302. All three vulnerabilities, per Amnesty International, are said to have been chained together to break into a Serbian youth activist’s Android phone in December 2024.
While CVE-2024-53104 was addressed by Google in February 2025, CVE-2024-50302 was remediated last month. With the latest update, all three vulnerabilities have been fixed, effectively plugging the exploit path.
There are currently no details on how CVE-2024-53150 has been exploited in real-world attacks, by whom, and who may have been targeted in those attacks. Users of Android devices are advised to apply the updates as and when Android original equipment manufacturers (OEMs) release them.