Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.
8.6

In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no ...

CVE-2026-0007 ASB-A-433251166
Summary

In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

What to do
  • Update google platform/frameworks/native to version 16-qpr2-next:2026-03-01.
  • Update google platform/frameworks/native to version 15:2026-03-01.
  • Update google platform/frameworks/native to version 16:2026-03-01.
  • Update google platform/frameworks/native to version 14:2026-03-01.
Affected software
VendorProductAffected versionsFix available
google android 14.0
google android 15.0
google android 16.0
google platform/frameworks/native > 16-qpr2-next:0 , <= 16-qpr2-next:2026-03-01 16-qpr2-next:2026-03-01
google platform/frameworks/native > 15:0 , <= 15:2026-03-01 15:2026-03-01
google platform/frameworks/native > 16:0 , <= 16:2026-03-01 16:2026-03-01
google platform/frameworks/native > 14:0 , <= 14:2026-03-01 14:2026-03-01
Original title
In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no ...
Original description
In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd CVSS3.1 8.6
Vulnerability type
CWE-1021
Published: 1 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026