Google Patches Three High-Risk Vulnerabilities in Android
Google has recently released the latest security updates for the Android operating system, addressing a total of 46 vulnerabilities, including fixes for three bugs that were being actively exploited.
“There are indications that the following (vulnerabilities) may be subject to limited, targeted exploitation – CVE-2023-26083, CVE-2021-29256, and CVE-2023-2136,” reads the Android Security Bulletin.
According to BleepingComputer, CVE-2023-26083 is a moderate memory leak in the Arm Mali GPU controller of Bifrost, Avalon, and Valhall chips that was exploited in a December 2022 exploit chain that delivered spyware to Samsung devices.
CVE-2021-29256 is a critical (CVSS v3.1: 8.8) data disclosure and privilege escalation vulnerability affecting certain versions of the Bifrost and Midgard Arm Mali GPU kernel drivers.
The third vulnerability, CVE-2023-2136, is rated critical with a severity score of 9.6/10. It is an integer overflow bug in Skia, Google’s open source cross-platform 2D graphics library, which is also used in Chrome, where it was repaired in April, according to the report.
Additionally, the report mentioned that CVE-2023-21250, a critical vulnerability in an Android system component that affects Android versions 11, 12, and 13, is the most serious of the security issues Google fixed this month.
This month’s Android security update covers Android versions 11, 12, and 13, but, depending on their scope, the fixed vulnerabilities may also affect older OS versions that are no longer supported.
Last month, Google released a security update for the Chrome browser to fix the third zero-day vulnerability exploited by hackers this year.
“Google is aware that an exploit for CVE-2023-3079 exists in the wild,” Google said in a blog post.