好的,我现在需要帮用户总结一篇文章,控制在100字以内。首先,我得仔细阅读文章内容,抓住主要信息。 文章讲的是Google发布了安全更新,修复了129个Android漏洞,其中包括一个被积极利用的零日漏洞。这个漏洞是在Qualcomm的显示组件中发现的。Google在3月的安全公告中提到,CVE-2026-21385可能正在被有限、有针对性地利用。虽然没有提供更多攻击细节,但Qualcomm的安全公告显示这是一个整数溢出漏洞,本地攻击者可以利用它来触发内存损坏。 Qualcomm在12月18日被通知到这个高危漏洞,并在2月2日通知了客户。这个漏洞影响了235个Qualcomm芯片组。Google的更新修复了系统、框架和内核组件中的10个关键漏洞,其中最严重的是系统组件中的远程代码执行漏洞,无需额外权限且不需要用户交互。 Google发布了两组补丁:2026-03-01和2026-03-05安全补丁级别。Pixel设备立即收到更新,其他厂商可能需要更长时间测试和调整。 总结时需要包括:Google修复了129个漏洞,包括一个被利用的零日漏洞(CVE-2026-21385),该漏洞影响Qualcomm芯片组;修复了多个关键漏洞;Pixel设备立即更新;其他厂商可能延迟。 </think> Google修复了Android系统的129个安全漏洞,其中包括一个被积极利用的高危零日漏洞(CVE-2026-21385),影响 Qualcomm 芯片组。此次更新还修复了多个关键漏洞,包括可能导致远程代码执行的系统组件问题。Pixel 设备已获更新,其他厂商需时间适配。 2026-3-3 08:30:20 Author: www.bleepingcomputer.com(查看原文) 阅读量:27 收藏
Google has released security updates to patch 129 Android security vulnerabilities, including an actively exploited zero-day flaw in a Qualcomm display component.
"There are indications that CVE-2026-21385 may be under limited, targeted exploitation," the company said on Monday in its March 2025 Android Security Bulletin.
While Google didn't provide any further information on the attacks currently targeting this vulnerability, Qualcomm revealed in a separate security advisory issued on February 3 that the flaw is an integer overflow or wraparound in the Graphics subcomponent that local attackers can exploit to trigger memory corruption.
Qualcomm says it was alerted to this high-severity vulnerability on December 18, and it notified customers on February 2. According to its February advisory, which has yet to flag CVE-2026-21385 as exploited in attacks, the security flaw affects 235 Qualcomm chipsets.
With this month's Android security updates, Google fixed 10 critical security vulnerabilities in the System, Framework, and Kernel components that attackers exploit to gain remote code execution, elevate privileges, or trigger denial-of-service conditions.
"The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation," Google said.
Google issued two sets of patches: the 2026-03-01 and 2026-03-05 security patch levels. The latter bundles all fixes from the first batch, as well as patches for closed-source third-party and kernel subcomponents, which may not apply to all Android devices.
While Google Pixel devices receive security updates immediately, other vendors often take longer to test and tweak them for specific hardware configurations.
Google and Qualcomm spokespersons were not immediately available for comment when contacted by BleepingComputer earlier today regarding the CVE-2026-21385 attacks and their targets.
Google released patches for two other high-severity zero-day vulnerabilities (CVE-2025-48633 and CVE-2025-48572) in December, both of which were also tagged as "under limited, targeted exploitation."
Red Report 2026: Why Ransomware Encryption Dropped 38%
Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.
Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.
如有侵权请联系:admin#unsafe.sh