Google urgently patches major Qualcomm security flaw hitting Android phones – so make sure you update now
- Android phones possibly under threat from worrying security threat
- Qualcomm releases fix for two major flaws in May and urged OEMs to apply it
- Google released a patch, so users should update now
Google has patched a major vulnerability affecting Android smartphones which is being actively exploited in the wild.
In June 2025, Qualcomm publicly announced discovering three vulnerabilities: CVE-2025-21479, CVE-2025-21480, CVE-2025-27038, saying they were “indications” from Google Threat Analysis Group (TAG) the flaws were being used in “limited, targeted exploitation.”
TAG specifically focuses on tracking state-sponsored threat actors, along with other highly sophisticated hacking groups, so if these were being used in limited and targeted exploitation, it’s safe to assume that these were nation-states targeting high-value individuals such as diplomats, journalists, dissidents, scientists, and similar.
CISA sounds the alarm
At the time, Qualcomm also urged OEMs (such as Google), to deploy the patch in their products without delay.
“Patches for the issues affecting the Adreno Graphics Processing Unit (GPU) driver have been made available to OEMs in May together with a strong recommendation to deploy the update on affected devices as soon as possible,” Qualcomm said.
Google has now issued it August 2025 update for Android, which includes fixes for two of the flaws: CVE-2025-21479 and CVE-2025-27038.
The former is described as “memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands,” and was given a severity score of 8.6/10 (high). The latter is described as “memory corruption while rendering graphics using Adreno GPU drivers in Chrome,” with a severity score of 7.5/10 (high).
The US Cybersecurity and Infrastructure Security Agency (CISA) also added these two bugs to its Known Exploited Vulnerabilities (KEV) catalog on June 3, giving Federal Civilian Executive Branch (FCEB) organizations a three-week deadline to patch up, or stop using vulnerable software entirely.
Given Android’s decentralized structure, it is safe to assume that different devices (for example, Samsung’s Galaxy lineup, or OnePlus’ One lineup) will be getting these updates at different times. Pixel, being Google’s lineup of mobile phones, will most likely receive the updates first.
Via BleepingComputer
You might also like
Android phones possibly under threat from worrying security threat Qualcomm releases fix for two major flaws in May and urged OEMs to apply it Google released a patch, so users should update now Google has patched a major vulnerability affecting Android smartphones which is being actively exploited in the wild.…
