Google has rolled out 12 over-the-air security fixes, five of which are listed as critical, to squash bugs in Nexus devices as part of the firm's monthly Android security update.
The most critical flaw could allow hackers to remotely inject malicious code into a device through email, text message or the web browser.
The flaw is eerily similar to the previously disclosed Stagefright exploit that initially left up to 95 percent of Android devices open to attack, especially in regards to flaws with the internal mediaserver component.
The Google advisory said: "During media file and data processing of a specially crafted file, vulnerabilities in mediaserver could allow an attacker to cause memory corruption and remote code execution as the mediaserver process.
"The affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media.
"The mediaserver service has access to audio and video streams as well as access to privileges that third-party apps cannot normally access."
Google is releasing the updates for the Nexus range, but the responsibility rests with vendors and carriers to push the updates to other Android-based devices.
Additionally, Google admitted that it sent out the updates to all its Android partners on 7 December last year.
Other critical flaws stem from elevation of privilege vulnerabilities in the misc-sd driver from MediaTek, a driver from Imagination Technologies, a Widevine QSEE TrustZone application and in the kernel.
According to the advisory, two further bugs (CVE-2015-6641 to CVE-2015-6642) are listed as high severity, while five (CVE 6643 to 6646 and 5310) are listed as moderate.
Google said that it has received no reports of active exploitation of these newly reported flaws, but stressed that keeping software fully updated is the best way to reduce the threat of attack.
"Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible," stated the advisory.
The source code patches for these vulnerabilities will be released to the Android Open Source Project repository in the next two days.
Intel wants to get inside your car, despite missing out on mobile
'We'll keep fighting to fight to keep the web free and open,' claim EFF
Breached in March by the same attackers, claim 'insiders'
And all for less than £150, according to Keith