Four major security holes in the Qualcomm chips which power modern Android devices have left as many as 900 million users vulnerable to a range of attacks.

According to Israel-based security firm Checkpoint, the flaws—dubbed “Quadrooter”—found in the firmware which governs the chips, could allow potential attackers to “trigger privilege escalations for the purpose of gaining root access to a device” using malware which wouldn’t require special permissions, allowing it to pass under suspicious users’ radars.

Qualcomm makes chips for the majority of the world’s phones, holding a 65 percent share of the market. Most of the major recent Android devices are expected to be affected by the flaw, including: