Google Patches 62 Android Vulnerabilities, Including Two Actively Exploited Flaws
Google has rolled out patches addressing 62 security vulnerabilities in Android, two of which have already been exploited in the wild.

The two high-severity vulnerabilities are:
- CVE-2024-53150 (CVSS score: 7.8) — An out-of-bounds read issue within the Kernel's USB subsystem, potentially leading to information disclosure.
- CVE-2024-53197 (CVSS score: 7.8) — A privilege escalation vulnerability in the Kernel's USB component.
In its April 2025 security bulletin, Google noted that the most serious of these issues could allow for remote privilege escalation without the need for any user interaction or extra execution privileges.
The company confirmed that both CVE-2024-53150 and CVE-2024-53197 have likely been subject to limited, targeted attacks.
Interestingly, CVE-2024-53197 had already been identified and patched in the Linux kernel last year, along with CVE-2024-53104 and CVE-2024-50302. According to research from Amnesty International, these three vulnerabilities were chained together in an attack that compromised the Android device of a Serbian youth activist in December 2024.
Google previously addressed CVE-2024-53104 in February 2025, and CVE-2024-50302 in March 2025. With this latest patch cycle, all three vulnerabilities linked to the real-world exploitation incident have now been resolved.
At this time, no further details have been shared about how CVE-2024-53150 was exploited, the identity of the attackers, or the potential targets.
Android users are strongly encouraged to apply security updates as soon as they are made available by their OEMs to protect their devices from known and emerging threats.