Google often discloses security vulnerabilities that have not yet been fixed. This seems to be common practice for Google, even when the developers object.
Previously, Microsoft complained about Google disclosing vulnerabilities that Microsoft had not yet fixed, but Google has kept to its own approach and continues to disclose vulnerabilities in products from Microsoft and other developers.
Under Google's policy, developers are given three months to fix every vulnerability. After three months, the details are disclosed automatically, whether or not the vulnerability has been fixed.
Google hopes this approach will push developers to fix vulnerabilities promptly rather than delaying as some companies do. The disadvantage, of course, is that it may sometimes create security risks.
Google Project Zero has disclosed a vulnerability in the Qualcomm Adreno GPU. The vulnerability is classified as serious and harmful.
The vulnerability is mainly due to errors in Qualcomm's kernel handling for the graphics chip. These errors are in the driver, so Qualcomm can fix them with a driver update.
Qualcomm has in fact actively fixed the vulnerabilities. It originally planned to issue a security bulletin next month and provide the new version of the driver to manufacturers.
However, the Google security team discovered a new vulnerability while verifying the new driver provided by Qualcomm. This vulnerability was introduced by the new code Qualcomm wrote to fix the previous one. Google then notified Qualcomm of the vulnerability once again.
Judging from the details, however, this vulnerability is relatively difficult to exploit, so it stands to reason that a failure to fix it in the short term should not affect too many users.
Industry insiders say that attackers can use this vulnerability to escalate their privileges, but given how difficult it is to exploit, it should not be widely used by attackers at present.
However, industry insiders also cautioned that now that Google has published the details of the vulnerability, attackers may actively try to exploit it, so a fix is still urgent for Qualcomm.