If you own vaguely recent Android smartphone, there's a good chance that at least one of Qualcomm's many chips powers it... and if so, you might be at risk. Check Point has revealed four vulnerabilities, bundled under the QuadRooter nickname, that take advantage of problems with Qualcomm driver software (for elements such as graphics, memory and routing) to get root-level access and install malware that could hijack your device. All an attacker needs to do is load a seemingly innocuous, permissions-free app to deliver the payload.
Given the sheer ubiquity of Qualcomm in the mobile world, the exploits could affect the majority of Android devices -- Check Point estimates 900 million in total, or most of the 1.4 billion active devices in use as of fall 2015. That includes many of the past and present flagship phones from companies you know, such as Google's Nexus phones, the HTC 10, LG G5 and at least some variants of Samsung's Galaxy S7. Check Point has gone so far as to release an app that tells you whether or not your hardware is vulnerable.
Thankfully, three of the four issues have been patched, and a fix is coming for the fourth. However, there's a very real chance that you won't get a fix. People with newer Nexus devices already have their fix, but it may take a while for vendors like LG and Samsung to test the solution with their heavily customized takes on Android. And while plenty of security vulnerabilities go unfixed on older hardware that no longer gets support, that lack of updates is a particularly sore point with QuadRooter -- many of those 900 million devices are far from the cutting edge.
You probably aren't under imminent threat given that you'd need to install an app. If you stick to Google Play downloads, you'll likely be safe. With that said, attackers could easily prey on users who either don't know this or live in countries where unofficial app stores dominate, such as China.