Google Android security vulnerabilities

Google Android is an open-source operating system based on Linux, developed by Google Inc. There is a security vulnerability in Google Android, which stems from the hide method in WindowState.java. This method allows for click hijacking/cross-session attacks, potentially leading users to grant...

Google Android security vulnerabilities

Google Android is an open-source operating system based on Linux, developed by Google Inc. There are security vulnerabilities in Google Android, which stem from integer overflows in multiple functions within ubsanthrowingruntime.cpp. These vulnerabilities may lead to remote denial-of-service...

Google Android security vulnerabilities

Google Android is an open-source operating system based on Linux, developed by Google Inc. There are security vulnerabilities in Google Android. These vulnerabilities stem from the misleading or insufficient UI provided by the getCallingAppLabel function in CertInstaller.java, which may lead to t...

Google Android security vulnerabilities

Google Android is an open-source operating system based on Linux, developed by Google Inc. There are security vulnerabilities in Google Android, which stem from insufficient permission checks in multiple functions of PackageInstallerService.java. These vulnerabilities may lead to the installation...

Google Android security vulnerabilities

Google Android is an open-source operating system based on Linux, developed by Google Inc. There is a security vulnerability in Google Android, which stems from an integer overflow in the l2cfcrclonebuf function found in l2cfcr.cc. This vulnerability may lead to controlled heap corruption within...

Google Android security vulnerabilities

Google Android is an open-source operating system based on Linux, developed by Google Inc. There is a security vulnerability in Google Android, which stems from the getCallingPackageName function in Shared.java code. This function contains obfuscation, potentially allowing bypass of activity laun...

Google Android security vulnerabilities

Google Android is an open-source operating system based on Linux, developed by Google Inc. There is a security vulnerability in Google Android, which stems from a logical error in the fixInitiatingUserIfNecessary function. This vulnerability may lead to emergency calls...

Android Security Bulletin—June 2026Stay organized with collectionsSave and categorize content based on your preferences.

This Android Security Bulletin contains details of security vulnerabilities that affect Android devices. Security patch levels of 2026-06-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Within 48 hours afte...

CVE-2026-44698 Home Assistant: Cross-origin iframe access token exfiltration via WebView JS bridge callback injection

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.4.1 for iOS and 2026.4.4 for Android, he Home Assistant Companion apps for Android and iOS expose a JavaScript bridge to the in-app WebView window.externalApp on Android and...

Exploit for Deserialization of Untrusted Data in Google Android

Zygote Toolkit - CVE-2024-31317 This is a toolkit that uses C...

EUVD-2026-33085

Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

EUVD-2026-33207

Inappropriate implementation in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

EUVD-2026-33170

Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

EUVD-2026-33167

Out of bounds write in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

Linux Distros Unpatched Vulnerability : CVE-2026-9917

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uninitialized Use in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from proces...

Linux Distros Unpatched Vulnerability : CVE-2026-9977

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in WebShare in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the...

DEBIAN-CVE-2026-9921

Uninitialized Use in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin information via a crafted HTML page. Chromium security severity: High...

CVE-2026-9920

Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVE-2026-9917

Uninitialized Use in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

CVE-2026-9919

Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...