Google has released one of the largest security updates in the history of its Android platform, patching 129 vulnerabilities, including a critical zero-day flaw that is already being exploited.
The update addresses a high-severity vulnerability, CVE-2026-21385, an integer overflow flaw in a Qualcomm graphics component.
Google said the issue has been subject to “limited, targeted exploitation,” raising concerns it may have been used by commercial spyware vendors against specific individuals such as journalists and government officials.
Security researchers say the flaw is particularly significant because of its wide reach, affecting hundreds of chipsets across the Android ecosystem and potentially exposing millions of devices worldwide.
Users are being urged to install the update as soon as it becomes available. While devices from Google’s Pixel line typically receive updates first, manufacturers such as Samsung and others are expected to roll out the patches across flagship and supported models in the coming weeks.
In addition to the zero-day, the update fixes 10 critical vulnerabilities across core Android components, including the system, framework, and kernel layers.
Among them is a severe flaw that could allow remote code execution without requiring any user interaction or additional privileges, a scenario considered highly dangerous in cybersecurity terms.
Google has structured the update across two security patch levels. The first, dated March 1, addresses 63 vulnerabilities within Android’s core system and framework. The second, dated March 5, includes all previous fixes along with 66 additional patches targeting third-party hardware components from major chipmakers.
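To check devices against the two patch levels described above, the following added example (not code from Google or from the original article) classifies the value an Android device reports in its `ro.build.version.security_patch` property, for instance via `adb shell getprop ro.build.version.security_patch`. The year, the inventory format and the device names are assumptions made for illustration.

```python
from datetime import date

# Assumption: the article gives only "March 1" and "March 5"; the year is
# taken from the CVE identifier's prefix and should be checked against the
# published bulletin before use.
YEAR = 2026
CORE_LEVEL = date(YEAR, 3, 1)   # core system and framework fixes
FULL_LEVEL = date(YEAR, 3, 5)   # core fixes plus third-party hardware fixes


def classify(patch_level: str) -> str:
    """Classify a ro.build.version.security_patch value (YYYY-MM-DD)."""
    try:
        level = date.fromisoformat(patch_level.strip())
    except ValueError:
        return "unknown"        # empty or malformed: treat as unverified
    if level >= FULL_LEVEL:
        return "full"
    if level >= CORE_LEVEL:
        return "core-only"      # hardware-component fixes still missing
    return "unpatched"


def audit(inventory: str) -> dict:
    """Group 'device,patch_level' lines by classification."""
    report = {"full": [], "core-only": [], "unpatched": [], "unknown": []}
    for line in inventory.strip().splitlines():
        device, _, level = line.partition(",")
        report[classify(level)].append(device.strip())
    return report


# Constructed sample inventory (device names and values are made up).
SAMPLE = """
pixel-lab-01,2026-03-05
tablet-kiosk-07,2026-03-01
phone-sales-12,2026-02-05
phone-byod-33,
"""

if __name__ == "__main__":
    for status, devices in audit(SAMPLE).items():
        print(f"{status:10} {', '.join(devices) or '-'}")
```

A device in the "core-only" group has the first patch level but not the additional hardware-component patches, so it should not be counted as fully updated.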
The update highlights ongoing concerns about the security of mobile devices as they become increasingly central to communication, finance, and access to sensitive data.
Experts say the timely installation of security updates remains one of the most effective ways for users to protect themselves against emerging cyber threats.