Google has released patches for 43 vulnerabilities in Android's March 2025 security update, including two zero-days (CVE-2024-50302 and CVE-2024-53104) exploited in targeted attacks to unlock confiscated devices in Serbia using an exploit chain developed by Israeli company Cellebrite. Amnesty International’s Security Lab uncovered the exploit chain, which involves vulnerabilities in the Linux kernel's HID driver, a USB Video Class zero-day patched last month, and an ALSA USB-sound driver flaw. Google shared fixes with OEM partners in January 2025 after becoming aware of the exploitation risks.