Skip to main content
Mallory
Back to vulnerabilities
HighCISA KEVExploited in the wildPublic exploit

Use-after-free in Qualcomm Adreno GPU drivers in Chrome

IdentifiersCVE-2025-27038CWE-416· Use After Free

CVE-2025-27038 is a use-after-free vulnerability in Qualcomm Graphics / Adreno GPU user-land driver components that can trigger memory corruption while rendering graphics in Chrome. The provided content specifically describes the issue as occurring in Adreno GPU drivers during Chrome graphics rendering, and more detailed reporting states it is a Qualcomm Adreno GPU user-land library UAF reachable via WebGL, including a crafted glFenceSync call. Google TAG indicated the flaw was under limited, targeted exploitation, and GTIG reported it was observed exploited in the wild as part of an exploit chain with Chrome renderer CVE-2024-0519 and KGSL driver CVE-2023-33106.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can cause memory corruption in the Adreno graphics stack and may enable code execution or sandbox escape when chained with other vulnerabilities. The supplied content indicates in-the-wild exploitation in targeted attacks and specifically notes chaining with a Chrome renderer bug and a KGSL driver flaw. In practical terms, exploitation can provide an attacker a path from a compromised or attacker-controlled Chrome rendering context into more privileged GPU/OS components, potentially contributing to device compromise.

Mitigation

If you can’t patch tonight, do this now.

Until patches are fully deployed, reduce exposure by limiting use of untrusted content in Chrome on affected Android devices, prioritizing patching of devices with Qualcomm chipsets, and enforcing rapid mobile update compliance through MDM or equivalent fleet management. Because the issue is associated with Chrome graphics rendering and WebGL-reachable GPU functionality, restricting exposure to untrusted web content and disabling or limiting risky browser features where operationally feasible may reduce attack surface, but patching is the primary mitigation.

Remediation

Patch, then assume compromise.

Apply vendor patches that address CVE-2025-27038. The content states Qualcomm disclosed and patched the issue in 2025, provided fixes to OEMs in May 2025, and Google included fixes in Android security updates released in August 2025. Organizations should deploy the relevant Android security update level and any OEM firmware updates incorporating Qualcomm’s Adreno driver fixes as soon as they are available.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
QualcommAr8031 Firmwareoperating_system
QualcommCsra6620 Firmwareoperating_system
QualcommCsra6640 Firmwareoperating_system
QualcommFastconnect 7800 Firmwareoperating_system
QualcommQca2066 Firmwareoperating_system
QualcommQca6391 Firmwareoperating_system
QualcommQcm6125 Firmwareoperating_system
QualcommQcm8550 Firmwareoperating_system
QualcommQcn9011 Firmwareoperating_system
QualcommQcn9012 Firmwareoperating_system
QualcommQcs6125 Firmwareoperating_system
QualcommQcs8550 Firmwareoperating_system
QualcommSm6475 Firmwareoperating_system
QualcommSm6650 Firmwareoperating_system
QualcommSm6650p Firmwareoperating_system
QualcommSm7435 Firmwareoperating_system
QualcommSm7635 Firmwareoperating_system
QualcommSm7635p Firmwareoperating_system
QualcommSmart Audio 400 Platform Firmwareoperating_system
QualcommSnapdragon 4 Gen 2 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 6 Gen 1 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 680 4g Mobile Platform Firmwareoperating_system
QualcommSnapdragon 685 4g Mobile Platform (Sm6225-Ad) Firmwareoperating_system
QualcommSnapdragon W5+ Gen 1 Wearable Platform Firmwareoperating_system
QualcommSw5100 Firmwareoperating_system
QualcommSw5100p Firmwareoperating_system
QualcommVideo Collaboration Vc1 Platform Firmwareoperating_system
QualcommWcd9335 Firmwareoperating_system
QualcommWcd9370 Firmwareoperating_system
QualcommWcd9375 Firmwareoperating_system
QualcommWcd9378 Firmwareoperating_system
QualcommWcd9385 Firmwareoperating_system
QualcommWcd9395 Firmwareoperating_system
QualcommWcn3950 Firmwareoperating_system
QualcommWcn3980 Firmwareoperating_system
QualcommWcn3988 Firmwareoperating_system
QualcommWcn6650 Firmwareoperating_system
QualcommWcn6740 Firmwareoperating_system
QualcommWcn6755 Firmwareoperating_system
QualcommWsa8810 Firmwareoperating_system
QualcommWsa8815 Firmwareoperating_system
QualcommWsa8830 Firmwareoperating_system
QualcommWsa8832 Firmwareoperating_system
QualcommWsa8835 Firmwareoperating_system

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

36 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

36 SOURCESView more in app
cloudatg insightsNews
Feb 13, 2026
AI Development & Software Engineering | CloudATG

Qualcomm Android vulnerability patched by Google; reported as actively exploited in the wild.

Read more
the hacker newsNews
Aug 7, 2025
The Hacker News | #1 Trusted Source for Cybersecurity News - Index Page

A Qualcomm Graphics component use-after-free vulnerability that can cause memory corruption while rendering graphics using Adreno GPU drivers in Chrome. It was flagged as actively exploited in the wild.

Read more
bleeping computerNews
Aug 5, 2025
Android gets patches for Qualcomm flaws exploited in attacks

A use-after-free in Qualcomm Adreno GPU drivers (triggerable during graphics rendering, including via Chrome) leading to memory corruption; reported as exploited in limited targeted attacks.

Read more
the hacker newsNews
Aug 5, 2025
Google's August Patch Fixes Two Qualcomm Vulnerabilities Exploited in the Wild

A use-after-free vulnerability in the Qualcomm Graphics component that may cause memory corruption while rendering graphics using Adreno GPU drivers in Chrome.

Read more
+5 more in the timeline
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence2

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures2

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity24

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2025-27038
NVD
nvd.nist.gov/vuln/detail/CVE-2025-27038
MITRE CWE · CWE-416
Use After Free
Vendor Advisory
docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html
US Government Resource
cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-27038