Google has ships shipped For 62 vulnerabilities, two of which said he was exploited in the wild.
The two high severity vulnerabilities are listed below –
- CVE-2024-53150 (CVSS score: 7.8) – an out -of -limited defect in the USB subcomposter of the nucleus which could lead to a disclosure of information
- CVE-2024-53197 (CVSS score: 7.8) – A lack of climbing the privilege in the USB subcomposter of the nucleus
“The most serious of these problems is an essential security vulnerability in the system component that could lead to a distance climbing from privileges without any additional execution privilege,” Google said in its monthly security bulletin for April 2025. “User’s interaction is not necessary for operating.”
The technology giant also recognized that the two shortcomings may have undergone a “limited and targeted exploitation”.
It should be noted that CVE-2024-53197 is rooted in the Linux nucleus and was corrected last year, alongside CVE-2024-53104 and CVE-2024-50302. The three vulnerabilities, by Amnesty International, would have been chained to embark on the Android phone of a young Serbs activist in December 2024.
While the CVE-2024-53104 was discussed by Google in February 2025, the CVE-2024-50302 was corrected last month. With the latest update, the three vulnerabilities were corrected, effectively plugging in the feat path.
There are currently details on how CVE-2024-53150 has been exploited in the attacks of the real world, by which, and which may have been targeted in these attacks. Users of Android devices are invited to apply updates as the manufacturers of equipment of Android origin publish them.
