Google Workspace: Unprivileged User Can Execute Arbitrary Code

Summary

An unprivileged user in Google Workspace can potentially run malicious code as an administrator. This requires user interaction and can lead to unauthorized access to sensitive data or system changes. To stay safe, ensure all users understand the risks and are careful when interacting with suspicious emails or messages.

What to do

Update google platform/frameworks/base to version 16-qpr2-next:2026-03-01.
Update google platform/frameworks/base to version 15:2026-03-01.
Update google platform/frameworks/base to version 16:2026-03-01.
Update google platform/frameworks/base to version 16-qpr2:2026-03-01.
Update google platform/frameworks/base to version 14:2026-03-01.

Affected software

Vendor	Product	Affected versions	Fix available
google	android	14.0	–
google	android	15.0	–
google	android	16.0	–
google	android	16.0	–
google	android	16.0	–
google	android	16.0	–
google	platform/frameworks/base	> 16-qpr2-next:0 , <= 16-qpr2-next:2026-03-01	16-qpr2-next:2026-03-01
google	platform/frameworks/base	> 15:0 , <= 15:2026-03-01	15:2026-03-01
google	platform/frameworks/base	> 16:0 , <= 16:2026-03-01	16:2026-03-01
google	platform/frameworks/base	> 16-qpr2:0 , <= 16-qpr2:2026-03-01	16-qpr2:2026-03-01
google	platform/frameworks/base	> 14:0 , <= 14:2026-03-01	14:2026-03-01

Original title

In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges nee...

Original description

In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

nvd CVSS3.1 7.8

Vulnerability type

CWE-441