Google security patch release for CVE-2026-21385
Security Patch Release
Summary
Hide ▲
Show ▼
Google released Android security updates covering 129 vulnerabilities, including an actively exploited zero-day in a Qualcomm display component, creating urgent risk for affected devices. The company said CVE-2026-21385 may be under limited, targeted exploitation, while Qualcomm described the flaw as an integer overflow or wraparound in the Graphics subcomponent that can lead to memory corruption. Google issued the 2026-03-01 and 2026-03-05 patch levels, and the latter bundles the earlier fixes plus some closed-source third-party and kernel subcomponent patches.
Related Happenings
Cisco security patch release for CVE-2026-20182
Security Patch Release
First: 14.05.2026 20:45
Last: 14.05.2026 20:45
Sources 1
About this happening:
Cisco released **updates** for **CVE-2026-20182**, a **maximum-severity authentication bypass** in **Catalyst SD-WAN Controller/Manager**, after the flaw was **exploited in limite...
Cisco security patch release for CVE-2026-20182
Security Patch ReleaseAbout this happening: Cisco released **updates** for **CVE-2026-20182**, a **maximum-severity authentication bypass** in **Catalyst SD-WAN Controller/Manager**, after the flaw was **exploited in limite...
Ivanti EPMM patch release for CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821
Security Patch Release
First: 07.05.2026 18:20
Last: 07.05.2026 18:20
Sources 1
About this happening:
Ivanti released a security update for on-prem Endpoint Manager Mobile (EPMM) covering CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821. The patch addresses high-seve...
Ivanti EPMM patch release for CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821
Security Patch ReleaseAbout this happening: Ivanti released a security update for on-prem Endpoint Manager Mobile (EPMM) covering CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821. The patch addresses high-seve...
Latest development: 07.05.2026 20:55
Ivanti released fixes for CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821 in Endpoint Manager Mobile (EPMM). The updates apply only to on-prem EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1, and Ivanti said the issues are not present in Ivanti Neurons for MDM, Ivanti EPM, Ivanti Sentry, or other Ivanti products.
Google expands Binary Transparency for Android for production app verification
Security Tool/Service
First: 06.05.2026 12:13
Last: 06.05.2026 12:13
Sources 1
About this happening:
Google expanded **Binary Transparency for Android**, adding a public verification system that helps detect unauthorized or modified Google app binaries. The rollout covers product...
Google expands Binary Transparency for Android for production app verification
Security Tool/ServiceAbout this happening: Google expanded **Binary Transparency for Android**, adding a public verification system that helps detect unauthorized or modified Google app binaries. The rollout covers product...
Google overhauls Android and Chrome bug bounty programs
Commercial Activity
First: 05.05.2026 14:24
Last: 05.05.2026 14:24
Sources 1
About this happening:
**Google** overhauls its **Android and Chrome** vulnerability rewards programs, reshaping payout tiers for **exploit research** and raising top rewards to **$1.5 million**. The ch...
Google overhauls Android and Chrome bug bounty programs
Commercial ActivityAbout this happening: **Google** overhauls its **Android and Chrome** vulnerability rewards programs, reshaping payout tiers for **exploit research** and raising top rewards to **$1.5 million**. The ch...
APT37 BirdCall Android supply-chain campaign
Campaign
First: 05.05.2026 12:04
Last: 05.05.2026 12:04
Sources 1
About this happening:
The **APT37** campaign now delivers a new **Android** variant of **BirdCall** through **trojanized APKs** on **sqgame[.]net**, expanding the operation beyond its known **Windows**...
APT37 BirdCall Android supply-chain campaign
CampaignAbout this happening: The **APT37** campaign now delivers a new **Android** variant of **BirdCall** through **trojanized APKs** on **sqgame[.]net**, expanding the operation beyond its known **Windows**...
Timeline
-
03.03.2026 10:19 1 articles · 2mo ago
Qualcomm alerted to high-severity Graphics subcomponent vulnerability
Technical Analysis UpdateQualcomm was alerted to a high-severity vulnerability in the Graphics subcomponent on December 18. The flaw later became associated with memory corruption risk in Qualcomm chipsets.
Show sources
- Android gets patches for Qualcomm zero-day exploited in attacks — www.bleepingcomputer.com — 03.03.2026 10:19
-
03.03.2026 10:19 1 articles · 2mo ago
Qualcomm notified customers about the vulnerability
Initial DisclosureQualcomm notified customers on February 2 about the same high-severity vulnerability affecting its chipsets. The notice preceded the public advisory and patching discussion that followed.
Show sources
- Android gets patches for Qualcomm zero-day exploited in attacks — www.bleepingcomputer.com — 03.03.2026 10:19
-
03.03.2026 10:19 1 articles · 2mo ago
Qualcomm advisory described integer overflow in Graphics subcomponent
Technical Analysis UpdateA Qualcomm security advisory issued on February 3 described the flaw as an integer overflow or wraparound in the Graphics subcomponent that local attackers could exploit to trigger memory corruption. Qualcomm said the vulnerability affects 235 Qualcomm chipsets.
Show sources
- Android gets patches for Qualcomm zero-day exploited in attacks — www.bleepingcomputer.com — 03.03.2026 10:19
-
03.03.2025 10:19 2 articles · 15mo ago
Google released Android security updates for CVE-2026-21385
Mitigation Patch UpdateGoogle released Android security updates covering 129 vulnerabilities and said there are indications that CVE-2026-21385 may be under limited, targeted exploitation. The March patch set used the 2026-03-01 and 2026-03-05 security patch levels and included fixes for System, Framework, and Kernel issues.
Show sources
- Android gets patches for Qualcomm zero-day exploited in attacks — www.bleepingcomputer.com — 03.03.2026 10:19
- Android gets patches for Qualcomm zero-day exploited in attacks — www.bleepingcomputer.com — 03.03.2026 10:19