Google Project Zero discovers 0-click exploit chain for Pixel 10

Original: A 0-click exploit chain for the Pixel 10

Why This Matters

Demonstrates continued Android security vulnerabilities in new hardware drivers

Google Project Zero researchers developed a 0-click exploit chain targeting Pixel 10 devices by updating their exploit for a previous Dolby vulnerability and discovering a new VPU driver flaw. The chain goes from a zero-click context to root access via two exploits.

Project Zero researchers Seth Jenkins and Jann Horn created an exploit chain for the Pixel 10 after successfully targeting the Pixel 9. The team updated their CVE-2025-54957 Dolby exploit by adjusting library offsets and replacing stack protection with RET PAC functionality. The Pixel 10 lacks the BigWave driver but includes a new VPU driver at /dev/vpu for the Tensor G5's Chips&Media Wave677DV silicon. After 2 hours of auditing, they found a critical vulnerability in the VPU driver's mmap handler: an oversized mmap call is not held to the register region's boundaries, so arbitrary physical memory can be mapped into userspace. The flaw enables unrestricted physical memory access from userland.
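
The bounds check whose absence is described above, as an added example: a userspace model written for this summary, not code from the VPU driver or from Project Zero. The struct, function name, register base and 16-page window size are all hypothetical, constructed values.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  (1ULL << PAGE_SHIFT)
/* Constructed register window: 16 pages at a made-up physical base. */
#define REG_BASE   0x10000000ULL
#define REG_PAGES  16ULL

/* Hypothetical stand-in for the vm_area_struct fields an mmap handler reads. */
struct vma_model {
    uint64_t vm_start;  /* first user address of the mapping */
    uint64_t vm_end;    /* one past the last user address */
    uint64_t vm_pgoff;  /* offset into the device region, in pages */
};

/* Returns 0 and sets *pfn if the whole request lies inside the register
 * window; returns -1 if any page of it would fall outside. */
int reg_mmap_check(const struct vma_model *vma, uint64_t *pfn)
{
    uint64_t len, req_pages;

    if (vma->vm_end <= vma->vm_start)
        return -1;                          /* empty or inverted range */
    len = vma->vm_end - vma->vm_start;
    if (len & (PAGE_SIZE - 1))
        return -1;                          /* not a whole number of pages */
    req_pages = len >> PAGE_SHIFT;

    if (vma->vm_pgoff >= REG_PAGES)
        return -1;                          /* offset starts past the window */
    /* Subtraction form cannot wrap, unlike pgoff + req_pages > REG_PAGES. */
    if (req_pages > REG_PAGES - vma->vm_pgoff)
        return -1;                          /* oversized request */

    *pfn = (REG_BASE >> PAGE_SHIFT) + vma->vm_pgoff;
    return 0;
}

int main(void)
{
    uint64_t pfn = 0, base = 0x70000000ULL;
    struct vma_model fit  = { base, base + 16 * PAGE_SIZE, 0 };
    struct vma_model over = { base, base + 17 * PAGE_SIZE, 0 };

    printf("16 pages: %d\n", reg_mmap_check(&fit, &pfn));
    printf("17 pages: %d\n", reg_mmap_check(&over, &pfn));
    return 0;
}
```

In a Linux driver, the mainline helper vm_iomap_memory() applies this kind of length and offset validation before remapping a physical region.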

Source

projectzero.google