Google Patches Actively Exploited Qualcomm Vulnerabilities in Android
TL;DR
Google has released critical security updates addressing multiple Android vulnerabilities, including two actively exploited Qualcomm flaws. These updates are essential for protecting devices from potential cyber threats. Users are strongly advised to update their devices immediately to mitigate risks.
Google Addresses Critical Android Vulnerabilities
Google has rolled out crucial security updates to fix multiple Android vulnerabilities, including two significant Qualcomm flaws that were actively exploited. These vulnerabilities, identified as CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5), posed substantial risks to Android devices.
Vulnerability Details
In June, Google’s Android Security team reported three critical issues to Qualcomm, tracked as CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038. According to the report published by Qualcomm:
“There are indications from Google Threat Analysis Group that these vulnerabilities may be under limited, targeted exploitation. Patches for the issues affecting the Adreno Graphics Processing Unit (GPU) driver have been made available to OEMs in May, with a strong recommendation to deploy the update on affected devices as soon as possible.”
Descriptions of the Vulnerabilities
-
CVE-2025-21479 (CVSS score: 8.6) – This flaw involves an Incorrect Authorization issue in the Graphics component, leading to memory corruption due to unauthorized command execution in the GPU micronode while executing specific sequences of commands.
-
CVE-2025-21480 (CVSS score: 8.6) – Similar to CVE-2025-21479, this vulnerability is an Incorrect Authorization issue in Graphics Windows, resulting in memory corruption due to unauthorized command execution in the GPU micronode.
-
CVE-2025-27038 (CVSS score: 7.5) – This flaw is a use-after-free issue in the Graphics component, causing memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
Government Response and Additional Fixes
In early July, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added these Qualcomm chipset flaws to its Known Exploited Vulnerabilities (KEV) catalog.
Google also addressed a critical vulnerability, tracked as CVE-2025-48530, in the System component. This flaw could enable remote code execution without user interaction or additional privileges when combined with other bugs.
Patch Levels and User Recommendations
Google has released two Android patch levels, 2025-08-01 and 2025-08-05, with the latter including fixes from Arm and Qualcomm. Users are strongly urged to update their devices as soon as possible to protect against these vulnerabilities.
Conclusion
The proactive measures taken by Google and Qualcomm highlight the ongoing efforts to enhance the security of Android devices. Users must remain vigilant and ensure their devices are updated with the latest security patches to safeguard against potential exploits.
For more details, visit the full article: source
Additional Resources
For further insights, check out these authoritative sources:
This revised article adheres to the guidelines provided, ensuring clarity, SEO optimization, readability, and proper formatting.