
Google Project Zero Finds 0-Click Root Exploit in Pixel 10

Huma Shazia · 16 May 2026 at 12:38 am · 5 min read

Key Takeaways

  • Project Zero ported its Pixel 9 exploit chain to Pixel 10 by re-targeting the Dolby audio bug (CVE-2025-54957) and finding a new kernel privilege escalation to replace the BigWave driver bug that does not apply to Pixel 10
  • The new VPU driver on Pixel 10 exposes the video chip's hardware interface, including its MMIO register window, directly to userspace: a design flaw rather than a memory-corruption bug
  • The team found the vulnerability after about 2 hours of auditing the driver code

From Pixel 9 to Pixel 10: Adapting the Attack

Google's Project Zero team has published details of a zero-click exploit chain for the Pixel 10, building on its earlier work targeting the Pixel 9. The research shows how an attacker could gain root on Google's flagship Android device without any user interaction.

The first link in the chain, CVE-2025-54957, is a Dolby audio processing vulnerability that existed across all Android devices until it was patched in January 2026. Porting this stage to Pixel 10 mostly meant updating memory offsets for the new device's libraries. The team hit one snag: Pixel 10's libraries are built with RET PAC (return-address signing) rather than the traditional stack protector, so the __stack_chk_fail hook they overwrote on Pixel 9 was no longer available as a target.

Their workaround was elegant. They targeted dap_cpdp_init instead, initialization code that runs once when the decoder starts and never again. Overwriting it causes no functional problems while still giving the exploit control. The ported exploit works on Pixel 10 devices with a Security Patch Level of December 2025 or earlier.

A New Driver, A New Vulnerability

The second half of the exploit chain needed a complete rewrite. The BigWave driver that Project Zero exploited on Pixel 9 doesn't ship on Pixel 10. Instead, they found a new target: a VPU driver exposed as /dev/vpu and reachable from the mediacodec SELinux context. Ordinary third-party apps run in a different SELinux domain and cannot open the device node; it becomes reachable only once an attacker already controls a media process, which is exactly the foothold the Dolby stage provides.

This driver interfaces with the Chips&Media Wave677DV silicon on Google's Tensor G5 chip, handling video decoding acceleration. According to Project Zero, the driver was built by the same developers who created the BigWave driver.

Working with researcher Jann Horn, the team spent just 2 hours auditing the VPU driver before finding what they describe as an "exceptional vulnerability." Unlike the upstream Linux driver for older Chips&Media chips, the Pixel 10's driver skips the standard Video for Linux API (V4L2) entirely. Instead, it exposes the chip's hardware interface directly to userspace, including the ability to map the chip's MMIO register interface.


Why This Bug Is So Dangerous

Project Zero calls this "the holy grail of kernel vulnerabilities." The driver's vpu_mmap function uses remap_pfn_range to map device memory directly into the calling process. The driver sets up memory mappings, handles power management, and lets userspace wait for hardware interrupts, but it does so with minimal security boundaries.

The problem is architectural. By exposing raw hardware interfaces to its callers, the driver bypasses the mediation that V4L2 provides, where the kernel owns the registers and userspace only submits buffers and commands. Code that can open the VPU driver can manipulate the hardware's registers directly, and a device that performs DMA under attacker control is a short path to kernel-level access.

The simplicity of the vulnerability makes it particularly concerning. Unlike memory corruption bugs that require careful heap manipulation or race-condition timing, this is a straightforward design flaw with no exploitation primitive to engineer. Hardware access that should be mediated by the kernel is simply handed to userspace.
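To make the failure mode concrete, the following is an added illustration, not Project Zero's code and not the Pixel 10 VPU driver's source. It is a user-space model of an mmap handler's decision logic: `vpu_mmap_unchecked` reproduces the pattern the article describes, computing a physical address from the caller-controlled offset and size and handing it straight to remap_pfn_range with nothing constraining where the mapping lands, while `vpu_mmap_checked` shows the minimum a driver must verify before any such mapping (page granularity, offset arithmetic that cannot wrap, a range that stays inside the device's register window, and a write policy). The names `vpu_mmap_*`, `VPU_REG_BASE`, `VPU_REG_SIZE`, `struct vma` and the read-only policy are all assumptions for the example; the real Wave677DV register layout is not on this page. The deeper fix the article argues for is to not expose raw MMIO at all and let a kernel subsystem such as V4L2 own the registers; the bounds checks below are the floor, not the ceiling.

```c
/* Added example: user-space model of an mmap handler's validation.
 * Not the Pixel 10 VPU driver and not Project Zero's code; all names
 * and addresses here are hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12u
#define PAGE_SIZE  (UINT64_C(1) << PAGE_SHIFT)

/* Hypothetical 64 KiB register window; an assumption, not the real layout. */
#define VPU_REG_BASE UINT64_C(0x1c000000)
#define VPU_REG_SIZE UINT64_C(0x10000)

/* Stand-in for the struct vm_area_struct fields an mmap handler consults. */
struct vma {
    uint64_t vm_start;  /* start of the user virtual range */
    uint64_t vm_end;    /* end (exclusive) of the user virtual range */
    uint64_t vm_pgoff;  /* mmap() offset, in pages (caller controlled) */
    bool     writable;  /* caller asked for PROT_WRITE */
};

enum vpu_map_rc { VPU_MAP_OK = 0, VPU_MAP_EINVAL, VPU_MAP_EPERM, VPU_MAP_EOVERFLOW };

/* The pattern the article describes: offset and size come from the caller
 * and go straight into the mapping. Any physical address is reachable. */
static enum vpu_map_rc vpu_mmap_unchecked(const struct vma *v,
                                          uint64_t *phys, uint64_t *len)
{
    *len  = v->vm_end - v->vm_start;
    *phys = VPU_REG_BASE + (v->vm_pgoff << PAGE_SHIFT);
    return VPU_MAP_OK;  /* a real driver would call remap_pfn_range() here */
}

/* Hardened variant: refuse anything that is not page-granular, that would
 * wrap during offset arithmetic, that reaches outside the device's own
 * register window, or that asks for write access (assumed policy). */
static enum vpu_map_rc vpu_mmap_checked(const struct vma *v,
                                        uint64_t *phys, uint64_t *len)
{
    uint64_t size, off;

    if (v->vm_end <= v->vm_start)
        return VPU_MAP_EINVAL;
    size = v->vm_end - v->vm_start;
    if (size & (PAGE_SIZE - 1))
        return VPU_MAP_EINVAL;                 /* not page-granular */
    if (v->vm_pgoff > (UINT64_MAX >> PAGE_SHIFT))
        return VPU_MAP_EOVERFLOW;              /* pgoff << PAGE_SHIFT would wrap */
    off = v->vm_pgoff << PAGE_SHIFT;
    if (off >= VPU_REG_SIZE || size > VPU_REG_SIZE - off)
        return VPU_MAP_EINVAL;                 /* would extend past the window */
    if (v->writable)
        return VPU_MAP_EPERM;                  /* assumed policy: read-only view */

    *phys = VPU_REG_BASE + off;
    *len  = size;
    return VPU_MAP_OK;
}

/* Stand-alone demonstration: the same request through both handlers. */
int main(void)
{
    /* Constructed request: one page at a 4 GiB offset, far outside the window. */
    struct vma far = { 0x7f0000000000, 0x7f0000001000, 0x100000, false };
    uint64_t p = 0, l = 0;

    enum vpu_map_rc rc = vpu_mmap_unchecked(&far, &p, &l);
    printf("unchecked: rc=%d phys=0x%llx len=0x%llx outside_window=%s\n",
           rc, (unsigned long long)p, (unsigned long long)l,
           p >= VPU_REG_BASE + VPU_REG_SIZE ? "yes" : "no");
    rc = vpu_mmap_checked(&far, &p, &l);
    printf("checked:   rc=%d (EINVAL=%d)\n", rc, VPU_MAP_EINVAL);
    return 0;
}
```

The wrap check matters more than it looks: on a 64-bit kernel `vm_pgoff << PAGE_SHIFT` silently discards high bits, so a large offset can land the mapping back inside, or just before, the window after a range check that was done on the shifted value. Checking the unshifted page count first avoids that.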

The Broader Pattern

This isn't an isolated incident. The Pixel 9 exploit chain also relied on a custom driver vulnerability. Google's push for custom silicon, including the Tensor chip series, requires custom drivers, and those drivers don't benefit from the years of review and hardening that upstream Linux subsystems such as V4L2 have received.

The Dolby vulnerability affected all Android devices, showing that even widely deployed components can harbor zero-click bugs. The VPU bug is Pixel-specific but demonstrates that new hardware brings new attack surface.

For security teams, the lesson is clear: custom silicon needs custom security review, and a vendor driver that hands userspace a raw MMIO mapping should fail that review on sight. The 2-hour discovery timeline suggests the VPU driver hadn't received that scrutiny before shipping.


What Users Should Do

If you own a Pixel 10 or any Android device, check your Security Patch Level in Settings > About Phone. The Dolby vulnerability was patched in January 2026, so a January 2026 or later patch level closes the zero-click entry point of the chain. Project Zero's 90-day disclosure deadline means a VPU fix should follow in an upcoming security update; until it ships, the VPU bug remains a local privilege escalation that needs a foothold in a media process first.

Until then, standard precautions apply. The zero-click Dolby bug was triggered by malicious audio, so be cautious about media from unknown sources. The VPU bug is only reachable from code already running in a context that can open /dev/vpu, which a normal app does not have on its own, so stick to apps from the Play Store and avoid sideloading to reduce the chances of handing an attacker that first foothold.


Frequently Asked Questions

Is my Pixel 10 currently vulnerable to this exploit?

If your Security Patch Level is December 2025 or earlier, yes, the full chain applies. Check Settings > About Phone for your patch level. The Dolby vulnerability was fixed in January 2026, which removes the zero-click first stage; the VPU fix timing depends on Google's patch schedule.

What is a zero-click exploit?

A zero-click exploit requires no user interaction. The attacker doesn't need you to tap a link or open a file. In this case, the device processing attacker-supplied audio through the Dolby decoder was enough to trigger the first stage automatically.

Does this affect other Android phones?

The Dolby vulnerability (CVE-2025-54957) affected all Android devices until it was patched. The VPU driver bug is specific to Pixel 10 and its Tensor G5 chip.

How did Google's own team find this bug?

Project Zero is Google's dedicated security research team that hunts for vulnerabilities across all software, including Google's own products. They routinely publish exploits to improve industry security practices.

What is RET PAC and why did it matter for this exploit?

RET PAC is return-address signing built on ARM's Pointer Authentication (PAC) feature: the CPU signs a function's return address on entry and verifies it before returning, so a corrupted return address faults rather than redirects execution. Pixel 10's libraries are built with it instead of the traditional stack canary, which forced the researchers to find a different code location to overwrite than the __stack_chk_fail hook they used on Pixel 9.


Source: Hacker News: Best


Huma Shazia

Senior AI & Tech Writer
