- The tech giant's Project Zero team said it had alerted the chip designer ARM about the
GPU bug. - The British chip designer had fixed those vulnerabilities.
- Google researchers reported five issues to ARM when they were discovered between June and July 2022.
Google researchers have warned that millions of
The tech giant's Project Zero team said it had alerted the chip designer ARM about the GPU bug, and the British chip designer had fixed those vulnerabilities.
However, smartphone manufacturers including
"The vulnerabilities discussed are fixed by the upstream vendor, but at the time of publication, these fixes have not yet made it downstream to affected Android devices (including
Google researchers reported five issues to ARM when they were discovered between June and July 2022.
ARM fixed the issues promptly in July and August 2022, disclosing them as security issues on their Arm Mali Driver Vulnerabilities page (CVE-2022-36449) and publishing the patched driver source on their public developer website.
However, Google "discovered that all of our test devices which used Mali GPU are still vulnerable to these issues. CVE-2022-36449 is not mentioned in any downstream security bulletins".
The researchers said users are recommended to patch as quickly as they can once a release containing security updates is available, so the same applies to vendors and companies.
"Companies need to remain vigilant, follow upstream sources closely, and do their best to provide complete patches to users as soon as possible," the tech giant added.
According to
SEE ALSO: