Lucene search

75475 matches found

Positive Technologies
added 2026/05/05 12:0 a.m. | 5 views

PT-2026-38106

Name of the Vulnerable Software and Affected Versions: Google Chrome on Android versions prior to 148.0.7778.96. Description: Insufficient policy enforcement in DevTools allows a local attacker to perform privilege escalation by using a malicious file. Recommendations: Update to version 148.0.7778.96...

9.6 CVSS | 5.8 AI score | 0.00344 EPSS
Exploits 0 | References 137

Android Security Bulletins
added 2026/05/05 12:0 a.m. | 30 views

Pixel Update Bulletin—May 2026

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of or later address all issues in this bulletin and all issues in the May 2026 Android Security Bulletin. ...

6.2 AI score
Exploits 0

OSV
added 2026/05/04 9:27 p.m. | 3 views

GHSA-HCWR-PQ9G-RQ3M apko doesn't verify downloaded apk packages against APKINDEX checksum (package substitution possible)

apko verifies the signature on APKINDEX.tar.gz but never compares individually downloaded .apk packages against the checksum recorded in the signed index. The checksum is parsed and available via ChecksumString, and the downloaded package control hash is computed, but the two values are never...

7.5 CVSS | 5.9 AI score | 0.00159 EPSS
Exploits 0 | References 5

NVD
added 2026/05/04 6:16 p.m. | 3 views

CVE-2026-0073

In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote proximal/adjacent code execution as the shell user with no additional execution privileges needed. User interaction is not needed for...

8.8 CVSS | 0.00541 EPSS
Exploits 11 | References 1

The Hacker News
added 2026/05/04 2:23 p.m. | 13 views

⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More

This week, the shadows moved faster than the patches. While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent delivery systems. The game has shifted from breach to...

9.9 CVSS | 8 AI score | 0.94016 EPSS
Exploits 318

CNNVD
added 2026/05/04 12:0 a.m. | 5 views

Google Android Security Vulnerability

Android is an open source mobile operating system developed by Google, widely used in smartphones, tablets, smart TVs, cars and various IoT devices, providing core capabilities such as application operation, device management, network communication, debugging and security control, etc. Android...

8.8 CVSS | 6.2 AI score | 0.00541 EPSS
Exploits 11 | References 1

Positive Technologies
added 2026/05/04 12:0 a.m. | 6 views

PT-2026-36889

Name of the Vulnerable Software and Affected Versions: Android versions 14 through 16. Description: A logic error in the adbd_tls_verify_cert function within auth.cpp of the Android Debug Bridge (ADB) daemon allows a bypass of wireless ADB mutual authentication. The issue stems from a type confusion...

8.8 CVSS | 6.5 AI score | 0.00541 EPSS
Exploits 11 | References 117

GitLab Advisory Database
added 2026/05/04 12:0 a.m. | 106 views

apko dirFS has a symlink-following path traversal that allows multiple entry points to escape the build root

A crafted .apk could install a TypeSymlink tar entry whose target pointed outside the build root, and a subsequent directory-creation or file-write entry in the same or later archive could traverse that symlink to reach host paths the build user could write to. The root cause was the sanitizePath...

7.5 CVSS | 5.8 AI score | 0.00352 EPSS
Exploits 0 | References 6 | Affected Software 1

Android Security Bulletins
added 2026/05/04 12:0 a.m. | 7 views

Android Automotive OS Update Bulletin—May 2026

The Android Automotive OS (AAOS) Update Bulletin contains details of security vulnerabilities affecting the Android Automotive OS platform. The full AAOS update comprises the security patch level of 2026-05-05 or later from the May 2026 Android Security Bulletin in addition to all issues in this...

6.3 AI score
Exploits 0

Android Security Bulletins
added 2026/05/04 12:0 a.m. | 11 views

Android Security Bulletin—May 2026

This Android Security Bulletin contains details of security vulnerabilities that affect Android devices. Security patch levels of 2026-05-01 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Within 48 hours afte...

8.8 CVSS | 6.2 AI score | 0.00541 EPSS
Exploits 11

Android Security Bulletins
added 2026/05/04 12:0 a.m. | 10 views

Wear OS Security Bulletin—May 2026

The Wear OS Security Bulletin contains details of security vulnerabilities affecting the Wear OS platform. The full Wear OS update comprises the security patch level of 2026-05-05 or later from the May 2026 Android Security Bulletin in addition to all issues in this bulletin. We encourage all...

6.3 AI score
Exploits 0

Android Security Bulletins
added 2026/05/04 12:0 a.m. | 9 views

Android XR Bulletin—May 2026

The XR Security Bulletin contains details of security vulnerabilities affecting the XR platform. The full XR update comprises the security patch level of 2026-05-05 or later from the May 2026 Android Security Bulletin in addition to all issues in this bulletin. We encourage all customers to accep...

6.3 AI score
Exploits 0

AstraLinux
added 2026/05/03 11:59 p.m. | 5 views

Astra Linux – Vulnerability in Linux 5.10

In TBD of TBD, there is a potential use-after-free due to a race condition. This could lead to a local escalation of privileges in the kernel, as execution privileges are required. User interaction is not necessary for exploitation. Product: Android Versions: Android kernel Android ID: A-21951397...

6.9 CVSS | 7.1 AI score | 0.00115 EPSS
Exploits 0 | References 1

AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the aio_poll_complete_work function of the aio.c file, there is a possibility of memory corruption due to use after free. This could lead to a local privilege escalation without the need for additional execution privileges. User interaction is not required for exploitation. Product: Android...

7.8 CVSS | 6.9 AI score | 0.00232 EPSS
Exploits 0 | References 2

AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in the Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

4.3 CVSS | 6.7 AI score | 0.00527 EPSS
Exploits 0 | References 2

AstraLinux
added 2026/05/03 11:59 p.m. | 15 views

Astra Linux - Vulnerability in Linux

In hidinput_change_resolution_multipliers of hid-input.c, there is a possible out-of-bounds write due to a heap buffer overflow. This could lead to a local privilege escalation without the need for additional execution privileges. User interaction is not required for exploitation. Product: Android...

7.8 CVSS | 7.1 AI score | 0.00282 EPSS
Exploits 0 | References 1

AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux – Vulnerability in Chromium

Inappropriate implementations of offline features in Google Chrome on Android before version 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to bypass site isolation through a crafted HTML page...

8.8 CVSS | 7.9 AI score | 0.01166 EPSS
Exploits 1 | References 1

AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In binder_vma_close of binder.c, there is a potential use after free due to improper locking. This could lead to a local escalation of privileges without the need for additional execution privileges. User interaction is not required for this exploitation. Product: Android...

7.8 CVSS | 6.4 AI score | 0.0018 EPSS
Exploits 0 | References 2

AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Platform/x86: x86-android-tablets: Devices are unregistered in reverse order. Not all subsystems support the removal of a device when there are still consumers referencing that device. One example is the regulator subsystem. If a...

5.5 CVSS | 5 AI score | 0.00288 EPSS
Exploits 0 | References 2

AstraLinux
added 2026/05/03 11:59 p.m. | 5 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the context of dm-verity-target.c, there is a potential way to modify read-only files due to a missing permission check. This could lead to a local escalation of privileges, as System execution privileges are required. User interaction is not necessary for exploiting this vulnerability. Produc...

6.7 CVSS | 6.1 AI score | 0.00485 EPSS
Exploits 0 | References 2