Google has begun rolling out its August 2025 security bulletin for Android 16, fixing six vulnerabilities, two of which were already under active exploitation. The most urgent issues—CVE-2025-21479 and CVE-2025-27038—stem from Qualcomm’s Adreno GPU drivers and carry CVSS scores of 8.6 and 7.5, respectively. Both flaws can trigger memory corruption and potentially allow attackers to hijack a device without user interaction. Google’s Threat Analysis Group reported limited, targeted attacks using the two Qualcomm bugs earlier this year. The U.S. Cybersecurity and Infrastructure Security Agency added the flaws to its Known Exploited Vulnerabilities catalogue on 3 June and required federal agencies to patch by 24 June. Google’s latest update also remedies a critical system component weakness, CVE-2025-48530, that could enable remote code execution when chained with other bugs. Two patch levels are available—2025-08-01 and 2025-08-05—the latter bundling fixes for closed-source components from Arm and Qualcomm. Pixel devices receive the update immediately, while other handset makers will distribute it after their own testing cycles. Google and security researchers are urging users to install the patches as soon as their devices are eligible. For Pixel owners, the over-the-air package delivers additional quality-of-life fixes, notably resolving a navigation glitch that left the back and gesture controls intermittently unresponsive following June’s Android 16 release. The update also corrects scheduled dark-theme behaviour and includes general stability improvements.