From: schmidtisblog.de
Published in cooperation with schmidtisblog.de
Google is rolling out the March 2026 update for Android and closes 117 security holes, including a remote vulnerability that has already been actively exploited. Users should install the update quickly.
Google opens the floodgates and distributes the security update for March 2026. After relatively quiet previous months, the current bulletin plugs a total of 10 critical and 107 highly dangerous leaks. A vulnerability in the system component is particularly explosive. Attackers can execute malicious code remotely.
No user interaction is required for this. Google also warns about the CVE-2026-21385 vulnerability in Qualcomm displays. According to initial findings, this is already being actively exploited for targeted attacks.
Multiple stages: When Android users receive the updates
As usual, the update is divided into two seasons. The patch level from March 1st corrects errors in the Android framework. Anyone who sees the status from March 5th on their device will also receive driver fixes for hardware from Qualcomm, MediaTek and Arm.
Pixel owners are currently still waiting for the appropriate feature drop and Android 16 QPR3. These should arrive in the next few hours. For other manufacturers, distribution depends, as always, on their individual update commitments.
New update cycle causes discussions
Meanwhile, a new publishing system is causing discussions in the community. Google only bundles large patches every three months. In the meantime, the company is only fixing critical bugs. This means that many smartphones theoretically have known, moderate security vulnerabilities for longer.
Only those who deliver full updates every month can guarantee maximum security. Google also recommends developers switch to the new AOSP branch called android-latest-release. In the future, this will always refer to the latest stable source code.
Vulnerability is being actively exploited: Update should be installed as quickly as possible
The source code patches will land in the public repository within two days. Users should check the system settings to see whether the update is already available for installation. Since active exploitation is taking place, haste is essential. Any open gap represents an unnecessary risk to personal data. Remote code execution in particular without user interaction makes this patch month a mandatory task for all Android users.
About the Author
