Google has unveiled its March Android Security Bulletin, introducing crucial patches for a total of 129 vulnerabilities. Among these, a notable zero-day flaw in a Qualcomm display component has been identified, which may be subject to "targeted, limited exploitation."
This update also remedies 10 critical severity bugs found within various Android components. For instance, CVE-2026-0006 represents a remote code execution vulnerability in the System component, posing a risk of exploitation without any user interaction or additional privileges. Furthermore, CVE-2025-48631 addresses a denial-of-service vulnerability within the System, while CVE-2026-0047 focuses on privilege escalation in the Framework. Additionally, seven critical privilege escalation flaws within Kernel components are being addressed.
Google is also rectifying issues related to components from Qualcomm, MediaTek, Arm, Misc OEM, Unisoc, and Imagination Technologies, although not all Android devices will be impacted.
Zero-Day Vulnerability Resolved
The zero-day vulnerability patched in this update is classified as an integer overflow or wraparound issue within a Qualcomm Graphics subcomponent, which can lead to memory corruption when exploited by local attackers. Identified as CVE-2026-21385, this flaw affects 235 Qualcomm chipsets. Qualcomm's security advisory confirmed that this vulnerability was reported to the Google Android Security team on December 18, 2025, with customer notifications issued by February 2, 2026.
Immediate Action Required: Update Your Android
Android users are strongly encouraged to install the latest security patch as soon as it becomes available. Notifications prompting users to update should appear on devices. Google directly manages updates for its Pixel devices and the core Android Open Source Project (AOSP), while other manufacturers typically release their patches concurrently. Users with devices from brands like Samsung, Motorola, or Nokia may experience a slight delay in receiving these updates.
This month's patches are categorized under two patch levels: 2026-03-01 and 2026-03-05, with the latter encompassing all issues addressed in the former. The patches apply to AOSP versions 14, 15, 16, and 16-qpr2. To check for available updates, navigate to Settings > Security & privacy > System & updates > Security update.
