has urgently addressed three critical zero-day vulnerabilities in its Adreno GPU drivers, which are actively being exploited in targeted attacks against Android devices worldwide. These vulnerabilities—CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038—were disclosed by Google’s Threat Analysis Group (TAG) and have been assigned high CVSS scores, indicating their severity.

Vulnerability Details: • CVE-2025-21479 & CVE-2025-21480: These are incorrect authorization vulnerabilities in the Graphics component, allowing unauthorized command execution in the GPU micronode during specific sequences. This can lead to memory corruption and potential privilege escalation. • CVE-2025-27038: A use-after-free vulnerability in the Graphics component that can cause memory corruption while rendering graphics using Adreno GPU drivers in Chrome.

The affected chipsets include a wide range of Qualcomm Snapdragon processors, impacting billions of Android devices across various manufacturers such as Samsung, Xiaomi, OnePlus, and others.

Qualcomm has released patches for these vulnerabilities to device manufacturers, urging immediate deployment to mitigate potential risks. Users are strongly advised to update their devices as soon as possible to ensure protection against these exploits.

This incident highlights the ongoing security challenges in mobile hardware components and the importance of timely software updates to protect user data and privacy.