Qualcomm Patches Zero-Day GPU Vulnerabilities Exploited by Hackers, Google Confirms Active Threats

Chip manufacturer Qualcomm has issued security patches to address three high-risk zero-day vulnerabilities found in its Adreno GPU driver, after being alerted by Google’s Threat Analysis Group (TAG) about ongoing exploitation by cyber attackers.

The vulnerabilities — tracked as CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038 — impact multiple Qualcomm chipsets and could enable remote hackers to gain control of Android devices or install spyware.

“There are indications from Google Threat Analysis Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation,” Qualcomm said in a security advisory released on Monday.

What Are the Exploits?

CVE-2025-21479 and CVE-2025-21480: Improper Authorization Bugs

Both flaws were reported by Google’s Android Security team in January 2025. These issues involve incorrect authorization within the graphics framework, which could lead to memory corruption vulnerabilities in the GPU’s processing.

CVE-2025-27038: Use-After-Free Vulnerability

Reported in March, this bug is described as a use-after-free flaw — a common type of memory error where a program uses memory after it has been released. It is believed to be related to the rendering pipeline in Chrome when run on devices using Adreno GPU drivers.

Patches Rolled Out to OEMs, Urgent Deployment Advised

In May 2025, Qualcomm issued security updates to original equipment manufacturers (OEMs) for all three vulnerabilities, urging them to deploy patches to affected devices without delay.

“We encourage end users to apply security updates as they become available from device makers,” said Qualcomm spokesperson Dave Schefcik in a statement.

While Qualcomm did not disclose the specific devices impacted, users are advised to check with their phone manufacturers for security update availability.

Google: Pixel Phones Not Affected

A Google spokesperson confirmed to TechCrunch that Pixel devices are not affected by these vulnerabilities, which provides some relief to users of Google’s flagship phones.

Spyware Alert: Attackers Using Exploit Chain with NoviSpy

NoviSpy Linked to Qualcomm Exploits

According to Google’s TAG team, attackers have used these vulnerabilities as part of a full exploit chain to deploy a spyware called NoviSpy. A report by Bleeping Computer confirmed that this sophisticated spyware can bypass Android’s built-in protections and gain kernel-level access, which is the deepest level of an operating system.

The spyware reportedly takes advantage of all three vulnerabilities to compromise the device entirely.

Growing Concerns Over Hardware-Level Exploits

The emergence of such targeted threats highlights increasing concerns among cybersecurity experts about how advanced threat actors are leveraging hardware and driver-level flaws to conduct surveillance and attacks.

With patches now available, both Qualcomm and Google are urging phone manufacturers and users to apply updates immediately to mitigate the threat.

Conclusion: Stay Updated, Stay Protected (Expanded to ~150 words)

In today’s rapidly evolving digital landscape, sophisticated security exploits are becoming increasingly common, with attackers targeting vulnerabilities at both the hardware and software levels.

The recent zero-day flaws in Qualcomm’s Adreno GPU drivers — actively exploited in the wild — serve as a stark reminder of the risks posed by unpatched systems. Qualcomm’s swift response, alongside Google's threat intelligence and the efforts of cybersecurity researchers, highlights the severity of these threats and the importance of timely intervention. Although patches have been made available to OEMs, the responsibility now shifts to device manufacturers to roll out these updates — and to users to install them promptly.

Failure to do so could leave devices exposed to spyware like NoviSpy, which can deeply compromise privacy and control. Staying informed and regularly updating devices is no longer optional — it is a fundamental part of digital safety. Users must remain vigilant and proactive to safeguard their data and privacy.