Google’s monthly security update for Android this month was heavy on vulnerabilities in third-party components. The diversity of Android devices means Google has to stay on top of vulnerabilities in various chip-set and other hardware drivers.
Unlike Apple, Google doesn’t control all the elements in the Android ecosystem, so keeping Android secure becomes a supply chain problem. Google has to depend on chip-set partners to improve their testing process before contributing code to Android and to promptly submit patches to fix vulnerabilities.