Chipmaker Qualcomm rolled out the security patches to fix the weakened weakens of three serious zero-days affecting its Adreno GPU (graphics processing unit) driver, when Google warned that hackers were actively exploiting these defects in target attacks. Google’s Threat Analysis Group (TAG), after sharing the evidence, highlighted the issues that the weaknesses were being used in the Jungli tracked as the CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038-. These flaws affect dozens of chipsets and allow the attackers to achieve the control of the device or install spyware.

Qualcomm said in a security advisor on Monday, “Google threatening analysis group indications that CVE-2025-21479, CVE-2025-21480, Cve-2025-27038 can be under limited exploitation.”

Qualcomm was reported in January by the first two weaknesses, CVE-2025-21479 and CVE-2025-21480, Google’s Android Security Team. These issues belong to the wrong authority in GPU’s graphics framework, which can lead to memory corruption. The third dosha, CVE-2025-27038, was reported in March and described as a use-free bug-a kind of memory corruption that occurs when a program continues to use memory after being freed.

The third vulnerability is believed to be associated with the rendering process in Chrome when using Adreno GPU drivers.

Qualcomm said that it provided patches for all three weaknesses to the original equipment manufacturers (OEM) in May. The company says the patch for issues affecting the Adreno Graphics Processing Unit (GPU) driver has been made available to OEMS in May, as well as with a strong recommendation to deploy updates on the affected equipment as soon as possible.

While the affected specific equipment was not listed, Qualcomm advised users to contact their device manufacturers for patch information. “We encourage the last users to apply security updates as they become available from device manufacturers,” Qualcomm spokesman Dav Shefikik said in a statement.

Google also confirmed that its pixel line of the smartphone was not affected by these weaknesses, a Google spokesperson said Tekkachchan,

The situation is more severe for some Android users, as Google’s tag team has also used spyware signals with these flaws. According to a report by Bleeping Computer, Tag found evidence that the attackers used these weaknesses to install a spyware called Novispy, which could bypass the underlying security of Android and get deep access to a device.

The spyware was allegedly installed using a complete exploitation chain, which involves combining several bugs to bypass safety and achieve the control of the device at the kernel level, which is the deepest layer of the operating system.

This discovery combines growing concerns about how sophisticated danger actor is finding ways to take advantage of hardware and software weaknesses for targeted monitoring.
With the reforms now available, Qualcomm and Google phone manufacturers are urged to push users the patch as soon as possible to prevent further misuse of these safety holes. In turn, users are advised to keep their equipment updated and be cautious to the software updates released by their phone manufacturers.