Google releases fixes for 46 Android security flaws — update right now
One high-severity flaw has been actively exploited by hackers in the wild

Google’s May security update for Android has been released, and it contains fixes for 46 security flaws including one that the company says has been actively exploited in the wild.
The vulnerability that Google says has been under limited, targeted exploitation is being tracked as CVE-2025-27363 and has a CVSS score of 8.1 which makes it a high-severity flaw.
This flaw is in the System component and doesn’t require any user interaction for exploitation. It is rooted in an open-source font rendering library, and is a type of out-of-bounds write flaw that could cause code execution when TrueType GX or variable font files are being parsed. Because of its location, it could lead to local code execution without the need for any extra privileges.
CVE-2025-27363 was first disclosed by Facebook in March of 2025 but it has now been remediated in FreeType versions higher than 2.13.0. Other flaws in the May Android update include eight vulnerabilities in the Android System and 15 in the Framework module which could be used for privilege escalation, information disclosure or used for denial-of-service or DDoS attacks.
Google has stated in the security update that exploitation of these issues is made more difficult by the enhancements in newer versions of the Android platform, and the company encourages all users to update to the latest version of Android where possible. They also encourage users to use Google Play Protect so they will receive notifications about potentially dangerous apps.
More from Tom's Guide
- 19 billion passwords compromised — here's how to protect yourself right now
- Over 400,000 hit in massive employee benefits data breach — Social Security numbers and more exposed
- What to do if you’ve been gift card scammed





Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.