The most serious of the flaws fixed is a Media framework information leakage fault that might lead to remote information disclosure with no additional execution privileges required, according to Google. In reality, two information disclosure problems in the Media framework component were fixed this month (CVE20210967 and CVE20210964), both as part of the security patch level 20211201.
Three Framework vulnerabilities (two elevation of privilege and one information exposure, all high severity) and ten System security flaws (two critical – remote code execution and elevation of privilege – and six high severity) are also addressed in the same patch level.