Google Project Zero Discloses Zero-Click Exploit Chain for Pixel 10 Devices
Cybersecurity NewsArchived May 16, 2026✓ Full text saved
A newly disclosed zero-click exploit chain targeting Google Pixel 10 devices has raised fresh concerns about Android’s low-level security. Google Project Zero researchers demonstrated how attackers could silently compromise a device and escalate privileges to root without any user interaction by chaining just two vulnerabilities. The attack builds on earlier research targeting Pixel 9 devices, […] The post Google Project Zero Discloses Zero-Click Exploit Chain for Pixel 10 Devices appeared first
Full text archived locally
✦ AI Summary· Claude Sonnet
Discover more
mobile
Computer Drives & Storage
Email
HomeCyber Security News
Google Project Zero Discloses Zero-Click Exploit Chain for Pixel 10 Devices
By Abinaya
May 16, 2026
A newly disclosed zero-click exploit chain targeting Google Pixel 10 devices has raised fresh concerns about Android’s low-level security.
Google Project Zero researchers demonstrated how attackers could silently compromise a device and escalate privileges to root without any user interaction by chaining just two vulnerabilities.
The attack builds on earlier research targeting Pixel 9 devices, in which a Dolby Media Framework flaw (CVE-2025-54957) enabled remote code execution.
For Pixel 10, researchers successfully adapted the same entry point with minimal effort. Most changes involved recalculating memory offsets for the updated Dolby library.
However, exploitation became slightly more complex due to the introduction of Return Address Pointer Authentication (RET PAC), which replaced traditional stack protection mechanisms.
Because the usual overwrite target (__stack_chk_fail) was no longer available, researchers identified an alternative function, dap_cpdp_init, which could be safely hijacked without disrupting system stability.
This allowed the zero-click exploit to remain effective on unpatched devices running security updates issued before December 2025.
New Privilege Escalation Path
While the initial exploit remained similar, the privilege escalation stage required a completely new approach.
The Pixel 10 no longer includes the vulnerable BigWave driver used in earlier attacks. Instead, researchers discovered a critical flaw in a newly introduced driver located at /dev/vpu.
This driver interfaces with the Chips&Media Wave677DV video processing unit on Google’s Tensor G5 chip.
During a brief audit, Project Zero researchers identified a severe vulnerability in the driver’s memory mapping functionality.
The flaw lies in how the driver handles mmap requests. Specifically, it fails to validate the size of memory being mapped when calling remap_pfn_range.
Attackers can request oversized memory mappings.
The driver does not enforce boundaries on mapped regions.
This exposes large sections of physical memory, including kernel space.
Because the Android kernel is loaded at a predictable physical address on Pixel devices, attackers can directly locate and overwrite critical kernel structures.
This effectively grants arbitrary read and write access to kernel memory.
Researchers noted that achieving full kernel compromise required just a few lines of code, making this vulnerability unusually easy to exploit compared to typical kernel bugs.
By combining the Dolby zero-click vulnerability with the VPU driver flaw, attackers can:
Execute code remotely without user interaction.
Escalate privileges to root level.
Take complete control of the device.
In a real-world scenario, a malicious media file could trigger the initial exploit, followed by kernel manipulation to turn off security controls or install persistent malware.
Patch and Mitigations
The vulnerability was reported on November 24, 2025, and classified as High severity.
Google addressed the issue within 71 days, releasing patches in the February 2026 Android security update, marking a notable improvement in response time compared to past driver vulnerabilities.
Despite faster remediation, the findings highlight ongoing weaknesses in Android driver development.
Notably, the vulnerable VPU driver was developed by the same team responsible for the previously flawed BigWave driver, suggesting recurring gaps in secure coding and auditing practices.
Project Zero emphasized that while faster patching is a positive step, preventing such vulnerabilities from reaching production remains critical.
The research underscores a broader challenge: even minor flaws in hardware drivers can lead to full system compromise, reinforcing the need for stronger security reviews across the Android ecosystem.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
Tags
cyber security
cyber security news
Copy URL
Linkedin
Twitter
ReddIt
Telegram
Abinayahttps://cybersecuritynews.com/
Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space.
Trending News
Hackers Use Weaponized JPEG File to Deploy Trojanized ScreenConnect Malware
Magecart Hackers Abuse Google Tag Manager to Inject Credit Card Skimmers
TeamPCP Hackers Abuse CI/CD Pipelines to Steal Developer and Cloud Credentials
New Stealthy Vidar Stealer Campaign Bypass EDR and Steal Credentials
Anthropic’s Mythos AI Reportedly Found macOS Vulnerabilities that Could Bypass Apple Security
Latest News
Cyber Security News
JDownloader Website Compromised to Distribute Malicious Windows and Linux Installers
Cyber Security News
Malicious JPEG Images Could Trigger PHP Memory Safety Vulnerabilities
Cyber Security News
Critical Linux Kernel Flaw ‘ssh-keysign-pwn’ Exposes SSH Keys and Shadow Passwords
Android
Android 16 VPN Bypass Lets Malicious Apps Reveal Users Real IP Address
Cyber Security News
Gunra Ransomware Expands RaaS Operations After Shifting From Conti-Based Locker