Could your brand-new Pixel 10 be less secure than you think? It’s a question no one wants to ask, but one that’s become increasingly relevant as sophisticated exploits continue to surface, targeting even the most protected devices. We’re talking about the kind of vulnerabilities that don’t require you to click a single link or download a dodgy app – the dreaded 0-click variety.
And here’s the kicker: researchers have just unveiled an exploit chain for Google’s latest flagship, the Pixel 10, that’s essentially a master key to your device’s core. It’s a chilling reminder that even with layers of security, the digital world is a constant arms race.
The Genesis: Pixel 9 and the Dolby Exploit
Last year, a similar story unfolded with the Pixel 9. Researchers discovered a way to jump from a zero-click context straight to root access on Android. The culprit? A critical vulnerability in Dolby’s Digital Plus (UDC) processing that was, thankfully, patched in January 2026. This exploit chain was a proof to meticulous research, chaining together two distinct exploits to achieve full device control. It was a sophisticated dance of code, a digital ballet that ended with the attacker in the driver’s seat.
But here’s the thing about security researchers: they don’t rest. Having conquered the Pixel 9, the question became, ‘Can we do it again on the Pixel 10?’ And the answer, it turns out, is a resounding, and slightly terrifying, yes.
Adapting the Digital Acrobatics
Updating the Dolby exploit for the Pixel 10, designated CVE-2025-54957, was, surprisingly, not an insurmountable challenge. The core logic remained intact. The heavy lifting involved adjusting memory offsets to match the Pixel 10’s specific library versions – a task akin to recalibrating a telescope for a slightly different star. The real headache? The Pixel 10’s adoption of RET PAC (Pointer Authentication Codes) instead of the older -fstack-protector. This meant the usual __stack_chk_fail — a critical security mechanism — was no longer available to be subverted. It’s like finding out the lock you were used to picking has been replaced by a completely different, more advanced system.
But where there’s a will, there’s a way. After some earnest trial and error, the team identified dap_cpdp_init, a piece of initialization code that could be safely overwritten without breaking the decoder’s functionality. This function, called only once upon initialization, provided a quiet corner to inject their malicious code. The updated Dolby UDC exploit is now out there, a potent reminder that unpatched devices remain vulnerable.
A New Player on the Field: The VPU Driver
Now, here’s where things get really interesting. The local privilege escalation component of the Pixel 9 exploit chain, which relied on the BigWave driver, wouldn’t fly on the Pixel 10. That driver just isn’t present. Instead, a new kid on the block has appeared: the /dev/vpu driver, nestled within the mediacodec SELinux context. This driver is the hardware accelerator for video decoding on the Tensor G5 chip, built by the same folks who gave us BigWave.
And this is where the magic, or perhaps the menace, truly lies. In collaboration with Jann Horn, a two-hour audit of this VPU driver unearthed what can only be described as the holy grail of kernel vulnerabilities.
What makes the Pixel driver so different? Unlike its Linux counterpart, the Pixel’s WAVE677DV driver doesn’t play nice with V4L2. Instead, it directly exposes the chip’s hardware interface to userspace. Imagine being handed the keys to the engine room, with direct access to all the controls. This driver handles memory mappings, power management, and allows userspace to wait for interrupts – all critical functions.
The Kernel’s Open Door
The vulnerability itself is almost embarrassingly simple. The vpu_mmap handler, intended to map the VPU hardware registers into userland, makes a call to remap_pfn_range. The catch? It bases the mapping size solely on the requested Virtual Memory Area (VMA) size, with no bounds check against the actual register region. This is akin to telling a locksmith, ‘Open this safe, and just give me whatever’s beyond it,’ without specifying an end point.
What does this mean in practice? By requesting a VMA size larger than the VPU register region, an attacker can map as much physical memory as they want into their userland space, starting from the VPU register’s physical address. And since the kernel image — including its critical .text and .data sections — resides at a higher physical address, it becomes entirely accessible and, more importantly, modifiable by userspace. The entire kernel.
This isn’t just theoretical. With this bug, overwriting kernel functions to gain code execution, or any other desired primitive, is now astonishingly simple. The kernel’s physical address is constant on Pixels, meaning the offset between the VPU memory region and the kernel is a known quantity. No need for complex memory scanning; you simply know precisely where the kernel lives relative to the address returned by mmap, provided your VMA length is sufficiently generous. Achieving arbitrary read-write on the kernel took a mere five lines of code, and crafting a full exploit was less than a day’s work.
It’s a stark illustration of how a single, seemingly minor oversight in a hardware driver can unravel the deepest layers of system security. This is not just a bug; it’s an invitation.
The Patch and the Posture
This critical bug was reported on November 24, 2025, and Android VRP classified it as High severity. This is a marked improvement over the BigWave bug used on the Pixel 9, which, despite having the same security impact, was initially rated Moderate. This shift in triage and patching approach is a positive development, showing a more attuned response to severe vulnerabilities.
The vulnerability was patched 71 days after its report, landing in the February Pixel security update. While a patch is good news, the existence of such a potent exploit chain highlights the ongoing challenges in securing complex mobile ecosystems. The Pixel 10, a device lauded for its innovation, now carries the scar of a fundamental kernel flaw, a proof to the relentless ingenuity of those who seek to exploit it.
This 0-click exploit chain for the Pixel 10 isn’t just a technical report; it’s a siren call. It signals that the fundamental platforms upon which our digital lives are built are still capable of astonishing vulnerability, and that the race for security is far from over. The window might have closed on the Pixel 9, but a much larger, more alarming one just opened on the Pixel 10.
