Memory Corruption Vulnerability in Chrome Affects Adreno GPU Drivers
CVE-2025-27038

7.5HIGH

Key Information:

Vendor: Qualcomm
Status: Snapdragon
Vendor: CVE Published:; 3 June 2025

🔔 Create Qualcomm Vulnerability Alert

Badges

👾 Exploit Exists🦅 CISA Reported📰 News Worthy

What is CVE-2025-27038?

This vulnerability involves a memory corruption issue that occurs when the Chrome browser renders graphics using Adreno GPU drivers. Exploiting this flaw could allow attackers to execute arbitrary code, which may lead to unauthorized access or data breaches. Users are advised to stay updated with the latest browser versions to mitigate-associated risks.

CISA has reported CVE-2025-27038

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-27038 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Snapdragon Snapdragon Connectivity AR8031

Snapdragon Snapdragon Connectivity CSRA6620

Snapdragon Snapdragon Connectivity CSRA6640

News Articles

CVE-2025-21479 CVE-2025-27038

Two Android Vulnerabilities Actively Exploited: Google Releases Critical Patches

Google releases August security patch for Android, fixing critical Qualcomm vulnerabilities exploited in targeted attacks.

4 weeks ago

thmubnail image

The Cyber Express

CVE-2025-21479 CVE-2025-27038

August 2025 Android Security Bulletin: Key Fixes Released

Google’s August 2025 Android Security Bulletin fixes multiple critical vulnerabilities, including CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038.

4 weeks ago

thmubnail image

Security Affairs

CVE-2025-21479 CVE-2025-27038

Google fixed two Qualcomm bugs that were actively exploited in the wild

Google addressed multiple Android flaws, including two Qualcomm vulnerabilities that were actively exploited in the wild.

4 weeks ago

thmubnail image

References

https://docs.qualcomm.com/product/publicresources/securit...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Jun 3, 2025
🦅
CISA Reported
Jun 3, 2025
Vulnerability published
Jun 3, 2025
📰
First article discovered by BleepingComputer
Jun 2, 2025
Vulnerability Reserved
Feb 18, 2025

.

CVE-2025-27038 : Memory Corruption Vulnerability in Chrome Affects Adreno GPU Drivers