Google has released a series of important security updates to address multiple vulnerabilities in the Android operating system, particularly those associated with Qualcomm chipsets. The updates, which include fixes for three critical vulnerabilities, aim to prevent potential exploitation by malicious actors.
The vulnerabilities addressed in this update include CVE-2025-21479 and CVE-2025-27038, which carry high CVSS scores of 8.6 and 7.5, respectively. Qualcomm disclosed these vulnerabilities in June 2025, amid reports indicating that they were being actively exploited in the wild. According to Qualcomm, there are concerns that these flaws could lead to memory corruption and unauthorized command execution.
Specifically, CVE-2025-21479 is an incorrect authorization vulnerability in the Graphics component of Android, while CVE-2025-27038 is a use-after-free vulnerability. Both issues can potentially result in system instability during graphics rendering, particularly when Adreno GPU drivers are used in Chrome. The Cybersecurity and Infrastructure Security Agency (CISA) has since added these flaws to its Known Exploited Vulnerabilities catalog, underlining their seriousness.
In response to the updates, Google is urging Android device users to apply the patches as they become available. This advice is crucial given that similar vulnerabilities have previously been exploited by commercial spyware vendors, highlighting the potential risks to user privacy and data security.
Google’s August patch rollout also addresses other high-severity issues, including privilege escalation flaws in the Android Framework and a critical bug that could result in remote code execution. Users are encouraged to keep their devices updated to defend against any potential threats.