Google updated its May 3 Android security bulletin on Wednesday to say that there are “indications” that four of the 50 vulnerabilities “may be under limited, targeted exploitation.” That was mostly confirmed by Maddie Stone, a member of Google’s Project Zero exploit research group, who clarified on Twitter that the “4 vulns were exploited in-the-wild” as zero-days.
Google Android exploits are a rarity. These four bugs make up a full two-thirds of the six total bugs to be exploited in the wild since 2014, according to Google’s tracking spreadsheet. Project Zero’s Stone went on to celebrate that fact, pointing out that “For 2021, we’ve surpassed the number of 0-days detected in-the-wild in all of 2020. That’s great!”