GrapheneOS fixes Android VPN leak Google refused to patch

📅 6 May 2026 at 14:13 UTC📰 Cyber InsiderView original source ↗

GrapheneOS has released a new update that fixes a recently disclosed Android VPN bypass vulnerability capable of leaking a user’s real IP address. The leak happens even when Android’s “Always-On VPN” and “Block connections without VPN” protections were enabled. The issue, disclosed last week by security researcher “lowlevel/Yusuf,” affected Android 16 and stemmed from a … The post GrapheneOS fixes Android VPN leak Google refused to patch appeared first on CyberInsider.

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

A previously undisclosed Android VPN bypass vulnerability was discovered, allowing ordinary applications with limited permissions to leak a user's real IP address even when Always-On VPN and Block connections without VPN protections were enabled.

⚙️Technical Details

💥Impact Assessment

Severity: high

🛡️Recommended Actions

1Apply the latest GrapheneOS update to Pixel devices running Android 16

2Disable close_quic_connection DeviceConfig flag using ADB for temporary mitigation (requires developer access)

3Monitor for future updates and patches from Google and GrapheneOS

📦Affected Products

Product Name: Google Pixel devicesOperating System: Android 16

Read the full article

This is a curated summary. The complete article is available at Cyber Insider.

Read on Cyber Insider ↗

← Back to feed