June 4, 2025, 3:21 pm | Read time: 2 minutes
The U.S. company Qualcomm has released numerous security patches for vulnerabilities in its chips. Smartphone manufacturers now need to provide updates—and users must install them.
In its June 2025 security report, chip manufacturer Qualcomm announced a total of 18 patches for vulnerabilities in its own and open-source software. However, it may take some time before these actually reach end users.
Errors in the Graphics Unit of Qualcomm Chips
Three of the patched security flaws may have been exploited in targeted hacker attacks. These are known as zero-day exploits, which are attack vectors that take advantage of an unpatched security flaw before developers have time to fix it. This information comes from Google’s Threat Analysis Group (TAG).
All three vulnerabilities affect the Adreno graphics processors (GPU) in Qualcomm chips, which are used in many smartphones worldwide, including Samsung, Xiaomi, and OnePlus. Two of them can lead to memory corruption in the GPU micronode due to incorrect authorization. With a CVSS score of 8.6, they are considered highly dangerous. The third vulnerability is caused by a “use after free” error in the GPU memory, where the memory does not correctly clear after use, potentially causing a crash. In this specific case, memory corruption occurred when rendering graphics with Adreno GPU drivers in Chrome.
Google Closes Android Security Vulnerability Exploited by Hackers
Dangerous Security Vulnerability in Outlook Mail! Microsoft Urgently Recommends an Update
iOS 18.3.2 Is Here — Should I Install the Update Straight Away?
Chip Vulnerabilities Make Android Smartphones a Target
Qualcomm already provided patches for the three zero-day vulnerabilities to all manufacturers with affected chips in May. However, it may still take some time before they release their own security patches for their devices. The company states in its report that manufacturers are urged to “update affected devices as quickly as possible.” Users should consult manufacturers for information on the patch status of their smartphones.
Smartphones are a complex system of hardware and software. While device manufacturers control their Android-based operating systems, they generally have no influence over the firmware of the installed chips. They rely on chip makers to provide security patches first. Only then can smartphone manufacturers deliver corresponding updates. This discrepancy makes Android smartphones a popular target for hackers. In 2021, for instance, hundreds of millions of devices were affected by a security flaw in a modem built into Qualcomm chips. It took several weeks to months for the corresponding update to reach the majority of smartphones.