Google patched 62 Android vulnerabilities in April 2025, including two zero-days exploited in targeted attacks, one linked to a Serbian police operation using Cellebrite tools. The first zero-day (CVE-2024-53197) involved a privilege escalation in the Linux kernel's USB-audio driver. The second zero-day (CVE-2024-53150) allowed attackers access to sensitive information via an out-of-bounds read. The updates were shared with OEM partners in January, and additional security flaws were addressed in the monthly patches.
Google Fixes Android Zero-days Exploited in Attacks, 60 Other Flaws
