- Aug 17, 2014
Security updates that Google released this week for Android resolve 43 vulnerabilities, including three that have been exploited in attacks.
The exploited flaws, tracked as CVE-2023-2136, CVE-2023-26083, and CVE-2021-29256, impact Android’s System and Arm Mali components.
The internet giant says “there are indications” that these security defects “may be under limited, targeted exploitation”.
CVE-2023-2136 was disclosed in April as a zero-day vulnerability in the Chrome browser, and is described as an integer overflow issue in Skia.
The bug allows “a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page,” a NIST advisory explains.
According to Google’s July 2023 Android security bulletin, the vulnerability can be exploited to achieve remote code execution on Android devices.