Google and CISA warn of dangerous Android 0-day device attacks. Install the newest update today for strong protection.

Google has issued a major security update for Android devices. A high-severity bug in Qualcomm chips is being targeted by attackers. UK Android users must update right away to stay safe. 

The flaw, tracked as CVE-2026-21385, hit the headlines in Google’s March 2026 Android Security Bulletin. Released on March 2, 2026, the bulletin patches 129 vulnerabilities. This Qualcomm graphics component issue stands out as actively exploited.

Experts call it a buffer overflow or integer overflow. It causes memory corruption when handling user data without proper checks. With a CVSS score of 7.8, it is rated as high severity. Attackers can bypass security and gain system control. 

Google’s Android Security team spotted the problem first. They reported it to Qualcomm on December 18, 2025. Qualcomm warned customers on February 2, 2026. Real-world exploits soon followed in limited, targeted strikes. 

The US Cybersecurity and Infrastructure Security Agency (CISA) added urgency. On March 4, 2026, CISA listed CVE-2026-21385 in its Known Exploited Vulnerabilities catalogue. US federal agencies must fix it by March 24, 2026. CISA urges all organisations, including UK firms, to patch fast. 

It affects over 230 Qualcomm chipsets in millions of Android phones worldwide. Popular models from Samsung, OnePlus, and others use these chips. UK users with devices on older patches face higher risks from spyware or data theft. 

Why now? Spies and hackers target high-value users, such as journalists or executives. Google says attacks are “limited and targeted,” not mass hacks. Still, no one knows the full details of the methods used. 

The current status shows patches in two levels: 2026-03-01 and 2026-03-05. Devices on 2026-03-05 or later are fully protected. The bulletin also fixes a critical remote code execution bug in the Android system, CVE-2026-0006. 

Check Settings-System-System Update. Enable auto updates to avoid delays. Phone makers and carriers roll out patches, so timing varies by model.

Matthew Boynton, a senior security manager, warns, “Attackers could initiate severe memory corruption.” He stresses OEMs control update speed. Google pushes for quick fixes. 

This joins recent Google threats like Chrome issues. Android powers most UK smartphones. Over 80% of mobiles here run it, per market data. 

Stay safe by updating today. Back up data first. Use strong locks and avoid shady apps. Report issues to your carrier if patches lag. 

In summary, act fast on this 0-day threat. Google and CISA confirm real attacks via Qualcomm’s flaw. Patched devices block hackers. UK owners, prioritise your phone’s security now.