Preface: The Unified Shading Cluster (USC) is a fundamental part of the PowerVR Rogue architecture and subsequent series. The USC acts as the central shader core, where vertex, fragment, and compute tasks are executed on unified hardware. It is central to PowerVR’s Tile-Based Deferred Rendering (TBDR) architecture. To write shader code for Imagination Technologies’ PowerVR architectures (often referred to in technical documentation alongside the USC or “Universal Shading Cluster” and Volcano shader cores), you use the OpenGL ES Shading Language (GLSL ES).
Background: In the context of Imagination Technologies (IMG) GPUs, libusc (Unified Shading Cluster library) is a critical component of the GPU Driver Development Kit (DDK), primarily serving as the back-end compiler library for shader programs.
Is it possible to combine [.]frag in html web page?
The most common way is to place the shader code inside a <script> tag with a custom type attribute, such as x-shader/x-fragment. Browsers do not execute these scripts because they don’t recognize the type, but the text remains accessible via the Document Object Model (DOM).
The design flaw mentioned in CVE-2025-13952 typically occurs if:
• User-controlled input is inserted into these <script> tags without sanitization.
• Your code later injects shader text back into the DOM using innerHTML or evaluates it as JavaScript.
Vulnerability details: A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. The shader code contained in the web page executes a path in the compiler that held onto an out of date pointer, pointing to a freed memory object.
Official announcement: Please refer to the link for details.