Google Android Security Update Blocks Zero-Day Attack Chain

Google has released its April 2025 Android security update, addressing 62 vulnerabilities, including two high-severity flaws that have reportedly been exploited in the wild.

Among the most serious are:

  • CVE-2024-53150 (CVSS 7.8): An out-of-bounds read flaw in the USB sub-component of the Linux kernel that can lead to information disclosure.
  • CVE-2024-53197 (CVSS 7.8): A privilege escalation bug in the same USB component, allowing attackers to gain higher-level access to the system.

According to Google’s bulletin, the most severe issue patched in this cycle is a critical remote privilege escalation vulnerability in the System component, which requires no user interaction and grants elevated privileges without additional execution permissions. While Google did not assign a CVE ID for this particular issue in its summary, it confirmed that it could be exploited remotely.

The company also confirmed that both USB-related vulnerabilities have been subject to “limited, targeted exploitation”, though further details, including the nature of the campaigns or the actors behind them, remain undisclosed.

CVE-2024-53197, tied to the Linux kernel, was previously identified as part of a zero-day exploit chain that Amnesty International reported in late 2024. This chain was allegedly used to compromise an Android device belonging to a Serbian youth activist in December.

The exploit involved:

  • CVE-2024-53104 – patched in Google’s February 2025 update
  • CVE-2024-50302 – addressed in the March 2025 update
  • CVE-2024-53197 – now resolved in the April patch

With this month’s security update, Google has now closed the entire exploit chain, effectively preventing future use of this method.

While Google acknowledged real-world exploitation of CVE-2024-53150, the company has yet to share specifics about how the flaw has been leveraged, who may have been targeted, or which threat actors were involved.

As always, Google advises Android users to apply the latest updates as soon as their device manufacturers release them. Security experts also recommend that OEMs fast-track patch distribution to minimize exposure.
