Google has released a new security update for the Android operating system, addressing 45 vulnerabilities, including a critical flaw in the FreeType computer font library. The vulnerability, labeled CVE-2025-27363, allowed attackers to execute arbitrary code on a device without any user interaction. According to BleepingComputer, Facebook researchers discovered the flaw in March 2025.
This issue affects all versions of FreeType up to 2.13.0, which was released in February 2023. There are also indications that the exploit has already been used in limited targeted attacks. The error occurs when processing malicious files with TrueType GX fonts and is related to improper handling of subglyph structures, leading to a buffer overflow and potential remote code execution.
Additional Vulnerabilities and Patch Availability
Besides the FreeType vulnerability, the update fixes issues across multiple components of Android, including the Framework, System, Google Play, and Android kernel. It also addresses vulnerabilities found in chipsets from MediaTek, Qualcomm, Arm, and Imagination Technologies. Many of these bugs allowed for privilege escalation and were marked with a high severity level.
The security patches are available for Android versions 13, 14, and 15. Not all vulnerabilities affect each version, but users running these operating systems are encouraged to update immediately, notes NIXsolutions. Android 12 officially stopped receiving security updates on March 31, 2025, and older versions no longer receive protection. Although some critical patches might still be delivered via Google Play System Updates, there is no guarantee these will reach outdated devices.
We’ll keep you updated as more fixes and integration options become available through official channels or alternative distributions.
Update Instructions and Expert Recommendations
To check if your device has received the update, navigate to Settings → Security & Privacy → System & Updates → Security Update, and tap Check for Updates. Keep in mind that the exact menu names may vary depending on your device model and manufacturer.
Experts recommend that users with Android 12 or older either upgrade to a newer Android version or consider installing custom firmware that includes current security patches. Without such updates, devices remain vulnerable to active exploitation.