I was reading that this vulnerability was disclosed today and apparently it's fixed in nov security update (which is already applied by GrapheneOS), however I found it interesting for further discussion.
Explanation by the author:
Video of the POC:
Communication with google:
Given the severity of this vulnerability and how it affected many devices, it's kind of worrisome that google took months to fix this.