A sophisticated proxy code has infected hundreds of thousands of devices already.
A high-severity flaw could result in attackers intercepting information, elevation of privilege and/or denial of service.
Google updates its Android OS to address its own OS and component partners Qualcomm and Broadcom.
Lenovo issued a security bulletin Friday warning customers of two previously disclosed critical Broadcom vulnerabilities impacts 25 models of its popular ThinkPad laptops.
As part of its December Android and Pixel/Nexus security updates, Google has issued patches addressing a bevy of flaws, 11 of which are rated critical.
Google fixed 81 vulnerabilities, including 13 critical remote code execution bugs, in the September edition of its Android Security Bulletin on Tuesday.