Qualcomm fixes multiple zero-day chip flaws after Google warns of active exploits by hackers
Chipmaker Qualcomm has rolled out security patches to fix three serious zero-day vulnerabilities affecting its Adreno GPU (graphics processing unit) driver, after Google warned that hackers were actively exploiting these flaws in targeted attacks. The issues came to light after Google's Threat Analysis Group (TAG) shared evidence that the vulnerabilities — tracked as CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038 — were being used in the wild. These flaws affect dozens of chipsets and could allow attackers to gain control of a device or install spyware.advertisement'There are indications from Google Threat Analysis Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation,' Qualcomm said in a security advisory on Monday.The first two vulnerabilities, CVE-2025-21479 and CVE-2025-21480, were reported to Qualcomm in January by Google's Android Security team. These issues are related to incorrect authorisation in the GPU's graphics framework, which can lead to memory corruption. The third flaw, CVE-2025-27038, was reported in March and is described as a use-after-free bug – a type of memory corruption that happens when a program continues to use memory after it has been freed.
The third vulnerability is believed to be connected to the rendering process in Chrome when using Adreno GPU drivers.Qualcomm said it provided patches for all three vulnerabilities to original equipment manufacturers (OEMs) in May. The company says that the patches for the issues affecting the Adreno Graphics Processing Unit (GPU) driver have been made available to OEMs in May together with a strong recommendation to deploy the update on affected devices as soon as possible.advertisementWhile the specific devices affected were not listed, Qualcomm advised users to contact their device makers for patch information. 'We encourage end users to apply security updates as they become available from device makers,' Qualcomm spokesperson Dave Schefcik said in a statement.Google also confirmed that its Pixel line of smartphones were not affected by these vulnerabilities, a Google spokesperson told TechCrunch.The situation is more serious for some Android users, as Google's TAG team also discovered signs of spyware being used alongside these flaws. According to a report from Bleeping Computer, TAG found evidence that attackers used these vulnerabilities to install a spyware called NoviSpy, which can bypass Android's built-in security and gain deep access to a device.The spyware was reportedly installed using a full exploit chain, which involves combining multiple bugs to bypass protections and gain control of the device at the kernel level, which is the deepest layer of the operating system.The discovery adds to growing concerns about how sophisticated threat actors are finding ways to exploit hardware and software vulnerabilities for targeted surveillance.With the fixes now available, Qualcomm and Google are urging phone makers to push the patches to users as soon as possible to prevent further misuse of these security holes. Users, in turn, are advised to keep their devices updated and stay alert for software updates issued by their phone manufacturers.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Mint
an hour ago
- Mint
Microsoft integrates AI shopping into Copilot app, bringing price tracking and smart comparisons
Microsoft has launched Copilot Shopping, an AI-enhanced shopping experience built into its Copilot app for web and mobile users, offering a streamlined end-to-end purchasing journey powered by artificial intelligence. The new feature is also expected to arrive on AI-powered desktop PCs in the near future. Announced during Microsoft's 50th anniversary celebrations, Copilot Shopping aims to transform the way users discover, compare, and buy products online. The system allows users to explore items based on natural language queries, track prices, view consumer reviews, and even complete purchases without ever leaving the app. According to a recent post by Microsoft Copilot's official account on X, the feature builds on the company's efforts to bring generative AI to everyday tasks. It comes shortly after similar initiatives by Google and OpenAI, which introduced AI shopping capabilities via Search and ChatGPT, respectively. Copilot Shopping works as a comprehensive virtual assistant that starts from product discovery and carries the user all the way to checkout. Users can ask specific or open-ended questions—such as 'What's the best smartwatch for fitness tracking?' or 'I'm starting to learn photography. What gear do I need?'—and the AI will respond with curated, interactive visual cards showing relevant products. These product listings include summaries, technical specifications, pros and cons, and user-generated reviews. Once a product is selected, Copilot compares prices across multiple retailers, showing users the most competitive rates. From there, shoppers can proceed to checkout natively within the app, avoiding the need to switch between different e-commerce platforms. One of the more innovative aspects of Copilot Shopping is its price tracking capability. The tool displays the historical price range of a product and allows users to set a preferred purchase price using a slider interface. If and when the product's price matches the desired level, the app sends a notification, prompting the user to finalise the purchase directly. Microsoft began testing the shopping feature last month, as reported by TestingCatalog. With its rollout now underway, the tech giant is positioning Copilot Shopping as an AI-first retail companion, offering both convenience and insight in an increasingly crowded e-commerce landscape.
Mint
2 hours ago
- Mint
UK watchdog pushes Amazon to rein in misleading product ratings: Know what happened
Amazon has pledged to step up its efforts in tackling fake reviews after reaching an agreement with the UK's competition watchdog, the Competition and Markets Authority (CMA). The commitment follows a CMA investigation launched in 2021 to scrutinise whether major online platforms like Amazon and Google were adequately protecting consumers from misleading online ratings. The probe was prompted by the sharp rise in online shopping during the COVID-19 pandemic, which exposed widespread manipulation of product reviews. You may be interested in Under the agreement, Amazon has vowed to enhance its systems aimed at detecting and removing fake reviews. This includes clamping down on a practice known as "catalogue abuse", where sellers artificially boost the reputation of a product by linking it to positive reviews meant for entirely different items. The CMA highlighted a common example of this tactic: shoppers may see a pair of headphones with an impressive five-star rating, only to discover that the reviews actually refer to a mobile phone charger. Amazon will now take stronger action against those engaging in such deceptive practices, including banning businesses from selling on its platform and prohibiting users who repeatedly post fake reviews. Sarah Cardell, Chief Executive of the CMA, emphasised the significance of trustworthy reviews. 'Millions of people shop on Amazon, and star ratings and reviews play a crucial role in what they choose to buy. These undertakings mean shoppers can be more confident that what they see is genuine and that those trying to mislead them will face serious consequences,' she said. This move builds on a similar undertaking secured from Google earlier this year, as part of the CMA's wider effort to ensure online platforms take greater responsibility for protecting consumers. In a statement, Amazon reaffirmed its 'zero tolerance' stance on fake reviews and said the new measures complement its current initiatives. 'We invest substantial resources in preventing fake reviews from appearing in our store, including expert investigators and machine learning tools that analyse thousands of data points to detect suspicious activity,' the company stated. The new commitments apply specifically to Amazon's UK website and are intended to align the company more closely with British consumer protection laws.
Mint
3 hours ago
- Mint
How Sundar Pichai responded to 'Google's lost... it's over. You're the wrong guy to lead Google' remark
In a candid exchange during a recent podcast with YouTuber and researcher Lex Fridman, Alphabet CEO Sundar Pichai addressed growing public criticism about Google's perceived loss of momentum in the AI race, saying he remains confident in the company's long-term vision and leadership. Responding to a pointed comment —'Google's lost... it's over. You're the wrong guy to lead Google' — Pichai reflected on the strategic decisions he has made as CEO, emphasising the company's commitment to becoming 'AI-first' and responsibly building artificial general intelligence (AGI). 'Obviously, the main bet as a CEO I made was to make sure the company was approaching everything in an AI-first way,' Pichai said. 'We've made sure we put out products that are useful to people. I had a good sense of what we were building internally even during the turbulence last year.' Pichai highlighted several foundational moves made under his leadership, including the merger of Google Brain and DeepMind into the unified Google DeepMind team, a decision he believes has strengthened the company's AI research capabilities. He also referenced Google's early investment in Tensor Processing Units (TPUs) over a decade ago, which he said has been critical in scaling up and training large AI models like Gemini. In his characteristic calm tone, Pichai described his approach to leadership amid criticism. 'I am good at tuning out the noise and separating signal from noise,' he remarked, drawing an analogy to scuba diving. 'Sometimes, you jump in the ocean and it's choppy. But you go just a foot below, and it's the calmest thing in the universe.' He compared running Google to managing an elite football club like Barcelona or Real Madrid — where one rough season does not negate the strength of the squad or the long-term strategy. 'You watch the signals, and while some good feedback may come from the outside, internally you're making a set of consequential decisions. Many may feel inconsequential at the time, but they add up.' Despite challenges, Pichai believes Google is well-positioned in the AI landscape. 'We had to ramp up the TPUs, train Gemini, and scale our compute. To me, it seemed like the biggest opportunity space of the next decade — bigger than what we've seen before,' he said. 'We're set up better than most companies in the world.' The remarks come at a time when tech giants are fiercely competing for AI dominance, and public perception often shifts quickly based on product rollouts and visible innovation. For Pichai, however, the focus remains steady: 'Just keep things moving. We've set up the right teams, the right leaders, and we have world-class researchers.'
