Google Releases Android Updates to Fix Exploitable FreeType Vulnerability
By Netvora Tech News
Google has rolled out Android updates to address an actively exploited vulnerability in FreeType, a free library used by browsers to display fonts. Facebook first warned about the issue in early March, saying the library contained an out-of-bounds write that could lead to the execution of arbitrary code. The vulnerability, identified as CVE-2025-27363, is believed to have been actively exploited, but Facebook did not provide further details.
FreeType Library at Center of Concern
FreeType is a widely used library for font rendering, and its vulnerable versions could be exploited to execute malicious code. The vulnerability occurs when processing "font subglyph structures" and could be used to gain unauthorized access to devices. Google has assessed the impact of the vulnerability as "high" rather than critical, despite its potential for remote code execution.
Android Updates Available
The updates are available for Android 13, 14, and 15, and Google has already informed device manufacturers about the vulnerability. However, it's unclear whether all Android devices will receive the updates. Some devices may no longer receive updates from their manufacturers, or the updates may be rolled out at a later time.
Patch Levels and Update Requirements
Google uses patch levels, which are dated, to track updates. Devices that have received the May updates will have a patch level of "2025-05-01" or "2025-05-05". Manufacturers that want to provide their devices with this patch level must include all updates from the May Android bulletin and then roll them out to their users. The updates are designed to fix the vulnerability and prevent remote code execution.
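The patch-level check described above can be scripted for a device inventory. The following is an added example, not part of the original article; the threshold `FIX_LEVEL` assumes the earlier of the two May levels named above, and the device serials and inventory lines are constructed.

```sh
#!/bin/sh
# Added example. FIX_LEVEL is an assumption: the earlier of the two
# May 2025 patch levels the article names, written as YYYYMMDD.
FIX_LEVEL=20250501

# classify_device RELEASE PATCH -> patched | outdated | no-update-listed | invalid
classify_device() {
    release=$1 patch=$2
    # Patch levels are zero-padded ISO dates (YYYY-MM-DD); reject anything else.
    case $patch in
        2[0-9][0-9][0-9]-[01][0-9]-[0-3][0-9]) ;;
        *) echo invalid; return 0 ;;
    esac
    year=${patch%%-*}; rest=${patch#*-}; month=${rest%%-*}; day=${rest#*-}
    if [ "$month" -lt 1 ] || [ "$month" -gt 12 ] || [ "$day" -lt 1 ] || [ "$day" -gt 31 ]; then
        echo invalid; return 0
    fi
    # YYYYMMDD compares chronologically as an integer.
    if [ "$year$month$day" -ge "$FIX_LEVEL" ]; then
        echo patched; return 0
    fi
    # The article lists updates only for Android 13, 14 and 15.
    case ${release%%.*} in
        13|14|15) echo outdated ;;
        *) echo no-update-listed ;;
    esac
}

# Reads "serial release patch" lines on stdin, prints "serial status".
triage_inventory() {
    while read -r serial release patch; do
        [ -n "$serial" ] || continue
        echo "$serial $(classify_device "$release" "$patch")"
    done
}

# Constructed inventory. On a live device the two values come from:
#   adb shell getprop ro.build.version.release
#   adb shell getprop ro.build.version.security_patch
sample_inventory() {
    cat <<'EOF'
dev-a 15 2025-05-05
dev-b 14 2025-04-05
dev-c 13 2025-05-01
dev-d 12 2024-03-01
dev-e 14 unknown
EOF
}

sample_inventory | triage_inventory
```

Devices reported as `outdated` are on a release the article says has an update but have not yet reached a May patch level; `no-update-listed` marks releases the article does not mention.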
Impact and Mitigation
While the vulnerability is considered high-impact, Google has not provided further details about its exploitation. However, the availability of the updates and the fact that manufacturers have been informed suggest that the issue is being taken seriously. Users are advised to check their devices for updates and ensure they are running the latest version of Android to minimize the risk of exploitation.
- Android 13 and 14 have been patched
- Android 15 is also affected, but updates are available
- Manufacturers have been informed of the vulnerability
- Device updates may not be available for all devices