CVE-2025-27038

Q: What is the severity of CVE-2025-27038?

CVE-2025-27038 has a CVSS score of 7.5 (HIGH). This vulnerability allows memory corruption in Chrome's graphics rendering through Adreno GPU drivers, potentially enabling arbitrary code execution. It affects Chrome users on devices with Qualcomm Adreno GPUs. Attackers could exploit this to compromise browser security.

7.5 HIGH CISA KEV

📋 TL;DR

This vulnerability allows memory corruption in Chrome's graphics rendering through Adreno GPU drivers, potentially enabling arbitrary code execution. It affects Chrome users on devices with Qualcomm Adreno GPUs. Attackers could exploit this to compromise browser security.

💻 Affected Systems

Products:

Google Chrome
Chromium-based browsers

Versions: Chrome versions prior to 128.0.6613.84

Operating Systems: Android, Windows, Linux with Qualcomm Adreno GPU

Default Config Vulnerable: ⚠️ Yes

Notes: Requires Qualcomm Adreno GPU driver; most vulnerable on Android devices with Qualcomm chipsets.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise through browser-based remote code execution, allowing attacker control over the device.

🟠

Likely Case

Browser crash or sandbox escape leading to limited code execution within browser context.

🟢

If Mitigated

Browser crash without code execution if sandboxing holds, causing denial of service.

🌐 Internet-Facing: HIGH - Browser-based vulnerabilities are directly exposed to web content.

🏢 Internal Only: MEDIUM - Requires user interaction with malicious content but can be exploited internally.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: CONFIRMED

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

CISA confirms known exploitation; requires user to visit malicious website or view malicious content.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Chrome 128.0.6613.84 and later

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Open Chrome settings 2. Navigate to 'About Chrome' 3. Allow browser to check for and install updates 4. Restart Chrome when prompted

🔧 Temporary Workarounds

Disable GPU acceleration

all

Temporarily disable hardware acceleration to bypass vulnerable GPU driver

chrome://settings/system -> Disable 'Use hardware acceleration when available'

🧯 If You Can't Patch

Restrict browser to trusted websites only using network policies
Implement application allowlisting to prevent unauthorized browser execution

🔍 How to Verify

Check if Vulnerable:

Check Chrome version: chrome://settings/help - if version is below 128.0.6613.84, system is vulnerable

Check Version:

chrome://version

Verify Fix Applied:

Confirm Chrome version is 128.0.6613.84 or higher in chrome://settings/help

📡 Detection & Monitoring

Log Indicators:

Chrome crash logs with GPU process termination
Unexpected Chrome renderer process crashes

Network Indicators:

Outbound connections from Chrome to suspicious domains following crash

SIEM Query:

source="chrome_logs" AND (event="gpu_process_crash" OR event="renderer_crash")

📊 Metadata

CVE ID: CVE-2025-27038

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-416

EPSS Score: 1.07% exploit probability (77.4th percentile)

CISA KEV: Actively Exploited added Jun 3, 2025

Published: June 3, 2025

Last Updated: October 27, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-27038 US Government Resource

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ar8031 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Qca2066 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qcm6125 Firmware by Qualcomm

Qcm8550 Firmware by Qualcomm

Qcn9011 Firmware by Qualcomm

Qcn9012 Firmware by Qualcomm

Qcs6125 Firmware by Qualcomm

Qcs8550 Firmware by Qualcomm

Sm6475 Firmware by Qualcomm

Sm6650 Firmware by Qualcomm

Sm6650p Firmware by Qualcomm

Sm7435 Firmware by Qualcomm

Sm7635 Firmware by Qualcomm

Sm7635p Firmware by Qualcomm

Smart Audio 400 Platform Firmware by Qualcomm

Snapdragon 4 Gen 2 Mobile Platform Firmware by Qualcomm

Snapdragon 6 Gen 1 Mobile Platform Firmware by Qualcomm

Snapdragon 680 4g Mobile Platform Firmware by Qualcomm

Snapdragon 685 4g Mobile Platform \(sm6225 Ad\) Firmware by Qualcomm

Snapdragon W5\+ Gen 1 Wearable Platform Firmware by Qualcomm

Sw5100 Firmware by Qualcomm

Sw5100p Firmware by Qualcomm

Video Collaboration Vc1 Platform Firmware by Qualcomm

Wcd9335 Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9378 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wcd9395 Firmware by Qualcomm

Wcn3950 Firmware by Qualcomm

Wcn3980 Firmware by Qualcomm

Wcn3988 Firmware by Qualcomm

Wcn6650 Firmware by Qualcomm

Wcn6740 Firmware by Qualcomm

Wcn6755 Firmware by Qualcomm

Wsa8810 Firmware by Qualcomm

Wsa8815 Firmware by Qualcomm

Wsa8830 Firmware by Qualcomm

Wsa8832 Firmware by Qualcomm

Wsa8835 Firmware by Qualcomm