google-project-zero · Crawled Jul 5, 2026
A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens
1 IoCs
Read original article ↗
AI Summary
Google Project Zero discovered a 0-click exploit chain targeting the Google Pixel 10, leveraging a modified version of a previously known Dolby vulnerability (CVE-2025-54957) and a new kernel vulnerability in the VPU driver. The VPU driver exposes MMIO register mappings without proper bounds checking, allowing arbitrary physical memory mapping and kernel memory modification from userspace. This enables trivial privilege escalation to kernel code execution. The vulnerability was reported in November 2025 and patched in the February 2026 Pixel security bulletin, marking improved triage response from Android.
AI-extracted · verify before operational use
Indicators of Compromise 1 extracted
| Type | Value | Detail |
|---|---|---|
| GitHub Repo | projectzero/google/exploit-chains/pixel10 | Details → |