If there is one reason why it’s bad to have a single chip maker dominate the Android market, it would be this: a flaw in the chip could affect millions of devices at once. Qualcomm faced this scenario, but thankfully, the company was quick with its fixes, as it issued security patches to close a zero-day exploit.
Qualcomm fixes zero-day flaw
The company claims Google’s Threat Analysis Group notified it about several vulnerabilities affecting its Adreno GPUs.
“There are indications from Google Threat Analysis Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation. Patches for the issues affecting the Adreno Graphics Processing Unit (GPU) driver have been made available to OEMs in May together with a strong recommendation to deploy the update on affected devices as soon as possible.”
The first two vulnerabilities, CVE-2025-21479 and CVE-2025-21480, were reported to Qualcomm by Google back in January. This covered incorrect authorization to the GPU’s graphics framework. This vulnerability, if exploited, would have led to memory corruption. As for the third flaw, CVE-2025-27038, it is a use-after-free bug. This is another form of memory corruption. It causes an app to continue to use the device’s memory even after it has been freed.
Unclear which devices are affected
Qualcomm does not mention which devices are affected. But if you use a phone with a Qualcomm chipset, make sure to update to the latest security patch when it is issued by your phone’s OEM. This is because of Android’s open-source nature, in which device manufacturers issue the necessary patches.
As TechCrunch points out, this means that depending on your phone brand/model, you could be left out in the cold longer than others. Google also confirmed to the publication that its lineup of Pixel phones isn’t affected by these vulnerabilities.
This is because Google’s more recent Pixel phones are powered by the company’s own Tensor chipsets. These chipsets are said to be based on Samsung’s Exynos chips, not Qualcomm’s, so these vulnerabilities do not affect them.
