CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership May 16, 2026

Google Project Zero Discloses Zero-Click Exploit Chain for Pixel 10 Devices

Cybersecurity News Archived May 16, 2026 ✓ Full text saved

A newly disclosed zero-click exploit chain targeting Google Pixel 10 devices has raised fresh concerns about Android’s low-level security. Google Project Zero researchers demonstrated how attackers could silently compromise a device and escalate privileges to root without any user interaction by chaining just two vulnerabilities. The attack builds on earlier research targeting Pixel 9 devices, […] The post Google Project Zero Discloses Zero-Click Exploit Chain for Pixel 10 Devices appeared first

Full text archived locally
✦ AI Summary · Claude Sonnet


    Discover more mobile Computer Drives & Storage Email HomeCyber Security News Google Project Zero Discloses Zero-Click Exploit Chain for Pixel 10 Devices By Abinaya May 16, 2026 A newly disclosed zero-click exploit chain targeting Google Pixel 10 devices has raised fresh concerns about Android’s low-level security. Google Project Zero researchers demonstrated how attackers could silently compromise a device and escalate privileges to root without any user interaction by chaining just two vulnerabilities. The attack builds on earlier research targeting Pixel 9 devices, in which a Dolby Media Framework flaw (CVE-2025-54957) enabled remote code execution. For Pixel 10, researchers successfully adapted the same entry point with minimal effort. Most changes involved recalculating memory offsets for the updated Dolby library. However, exploitation became slightly more complex due to the introduction of Return Address Pointer Authentication (RET PAC), which replaced traditional stack protection mechanisms. Because the usual overwrite target (__stack_chk_fail) was no longer available, researchers identified an alternative function, dap_cpdp_init, which could be safely hijacked without disrupting system stability. This allowed the zero-click exploit to remain effective on unpatched devices running security updates issued before December 2025. New Privilege Escalation Path While the initial exploit remained similar, the privilege escalation stage required a completely new approach. The Pixel 10 no longer includes the vulnerable BigWave driver used in earlier attacks. Instead, researchers discovered a critical flaw in a newly introduced driver located at /dev/vpu. This driver interfaces with the Chips&Media Wave677DV video processing unit on Google’s Tensor G5 chip. During a brief audit, Project Zero researchers identified a severe vulnerability in the driver’s memory mapping functionality. The flaw lies in how the driver handles mmap requests. Specifically, it fails to validate the size of memory being mapped when calling remap_pfn_range. Attackers can request oversized memory mappings. The driver does not enforce boundaries on mapped regions. This exposes large sections of physical memory, including kernel space. Because the Android kernel is loaded at a predictable physical address on Pixel devices, attackers can directly locate and overwrite critical kernel structures. This effectively grants arbitrary read and write access to kernel memory. Researchers noted that achieving full kernel compromise required just a few lines of code, making this vulnerability unusually easy to exploit compared to typical kernel bugs. By combining the Dolby zero-click vulnerability with the VPU driver flaw, attackers can: Execute code remotely without user interaction. Escalate privileges to root level. Take complete control of the device. In a real-world scenario, a malicious media file could trigger the initial exploit, followed by kernel manipulation to turn off security controls or install persistent malware. Patch and Mitigations The vulnerability was reported on November 24, 2025, and classified as High severity. Google addressed the issue within 71 days, releasing patches in the February 2026 Android security update, marking a notable improvement in response time compared to past driver vulnerabilities. Despite faster remediation, the findings highlight ongoing weaknesses in Android driver development. Notably, the vulnerable VPU driver was developed by the same team responsible for the previously flawed BigWave driver, suggesting recurring gaps in secure coding and auditing practices. Project Zero emphasized that while faster patching is a positive step, preventing such vulnerabilities from reaching production remains critical. The research underscores a broader challenge: even minor flaws in hardware drivers can lead to full system compromise, reinforcing the need for stronger security reviews across the Android ecosystem. Follow us on Google News, LinkedIn, and X to Get More Instant Updates. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Abinayahttps://cybersecuritynews.com/ Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space. Trending News Hackers Use Weaponized JPEG File to Deploy Trojanized ScreenConnect Malware Magecart Hackers Abuse Google Tag Manager to Inject Credit Card Skimmers TeamPCP Hackers Abuse CI/CD Pipelines to Steal Developer and Cloud Credentials New Stealthy Vidar Stealer Campaign Bypass EDR and Steal Credentials Anthropic’s Mythos AI Reportedly Found macOS Vulnerabilities that Could Bypass Apple Security Latest News Cyber Security News JDownloader Website Compromised to Distribute Malicious Windows and Linux Installers Cyber Security News Malicious JPEG Images Could Trigger PHP Memory Safety Vulnerabilities Cyber Security News Critical Linux Kernel Flaw ‘ssh-keysign-pwn’ Exposes SSH Keys and Shadow Passwords Android Android 16 VPN Bypass Lets Malicious Apps Reveal Users Real IP Address Cyber Security News Gunra Ransomware Expands RaaS Operations After Shifting From Conti-Based Locker
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    May 16, 2026
    Archived
    May 16, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗