In October, security researchers discovered a major vulnerability in a Wi-Fi's WPA2 security called "KRACK." This "Key Reinstallation Attack" can disrupt the initial encryption handshake that happens when an access point and a device first connect, allowing an attacker to read information assumed to be securely encrypted. It's possible to totally defeat WPA2 encryption using KRACK, allowing a third party to sniff all the Wi-Fi packets you're sending out. Any device that uses Wi-Fi and WPA2 is most likely vulnerable to the bug, which at this point is basically every wireless gadget on Earth.
Google and the rest of the OEMs are working to clean up Android's KRACK epidemic, and, on Monday, Google addressed the bug in the November Android Security Bulletin. A patch was posted this week to the Android Open Source Project (AOSP) repository, and, at the same time, Google started rolling out a November security update to Google Pixel and Nexus devices. But if you read the bulletin closely, you'll see the November security patch for Google devices does not contain the KRACK fix.