In a digital cat-and-mouse game playing out right now, Google has unleashed an urgent security update tackling 62 vulnerabilities in Android devices—with two dangerous flaws already being exploited by attackers in the wild.
Security experts are particularly concerned about the twin high-severity bugs lurking in Android’s USB kernel component:
- CVE-2024-53150: This sneaky out-of-bounds vulnerability (scoring a worrying 7.8 on the CVSS scale) could leak sensitive information from your device.
- CVE-2024-53197: An equally threatening privilege escalation bug (also scoring 7.8) that could give attackers dangerous levels of control.

“We’ve discovered a critical security vulnerability in the System component that could allow remote attackers to gain elevated privileges without requiring additional execution privileges,” warned Google in its April 2025 security bulletin. The most alarming part? “Users don’t need to do anything for this attack to work.”
Google acknowledged these vulnerabilities weren’t just theoretical threats—they’ve already been used in “limited, targeted attacks” in the real world.
In a fascinating twist, CVE-2024-53197 isn’t even new—it’s actually rooted in the Linux kernel and was technically patched last year. This vulnerability formed part of a sophisticated three-part attack chain (alongside CVE-2024-53104 and CVE-2024-50302) that successfully compromised a Serbian youth activist’s Android phone in December 2024, according to Amnesty International.
While Google squashed CVE-2024-53104 in February and tackled CVE-2024-50302 last month, today’s update finally closes all three security holes—potentially shutting down this particular attack method for good.
The mystery deepens around CVE-2024-53150, as Google remains tight-lipped about who’s exploiting it, how they’re doing it, and who’s being targeted.
Don’t wait—check for updates on your Android device as soon as your manufacturer releases them. In this digital arms race, staying current might be your best defense.