By The Hacker News
Publication Date: 2026-03-03 07:08:00
Google on Monday disclosed that a high-severity security flaw impacting an open-source Qualcomm component used in Android devices has been exploited in the wild.
The vulnerability in question is CVE-2026-21385 (CVSS score: 7.8), a buffer over-read in the Graphics component.
“Memory corruption when adding user-supplied data without checking available buffer space,” Qualcomm said in an advisory, describing it as an integer overflow.
The chipmaker said the flaw was reported to it through Google’s Android Security team on December 18, 2025. Customers were notified of the security defect on February 2, 2026.
There are currently no details on how the vulnerability is being exploited in the wild. However, Google acknowledged in its monthly Android security bulletin that “there are indications that CVE-2026-21385 may be under limited, targeted exploitation.”
Google’s March 2026 update contains patches for a total of 129…
/cdn.vox-cdn.com/uploads/chorus_asset/file/24924652/236780_Google_AntiTrust_Trial_Custom_Art_CVirginia__0002_2.png?resize=1200,628&ssl=1 "A Google breakup is on the table, say DOJ lawyers")
