Google Project Zero details zero-click exploit chain for Pixel 10 devices
Google Project Zero has disclosed how researchers built a zero-click exploit chain for Pixel 10 devices, showing how an attacker could move from remote code execution in a media decoder to kernel-level control by chaining two vulnerabilities.
The chain starts with CVE-2025-54957, a Dolby Unified Decoder flaw already used in Project Zero’s earlier Pixel 9 research. On Pixel 10, researchers adapted the same entry point and combined it with a newly found VPU driver flaw tracked as CVE-2026-0106.
Both issues have already been patched. The Dolby vulnerability was fixed across Android in January 2026, while the Pixel 10 VPU driver issue was fixed in the February 2026 Pixel update. Users with current Pixel security updates are protected against the disclosed chain.
How the Pixel 10 exploit chain works
The exploit chain begins in Android’s media-processing attack surface. Project Zero previously showed that incoming SMS and RCS audio attachments can be decoded automatically by Google Messages for transcription, before the user opens the message.
That behavior can turn media decoders into zero-click attack surfaces. In this case, the first stage relies on CVE-2025-54957, an out-of-bounds write in Dolby’s Unified Decoder when it processes a crafted Dolby Digital Plus bitstream.
Once code execution reaches the mediacodec context, the second stage escapes that restricted environment by exploiting the Pixel 10 VPU driver. Project Zero said the driver allowed overly large memory mappings that exposed physical memory, including kernel memory, to user space.
| Exploit stage | Vulnerability | Component | Impact |
|---|---|---|---|
| Initial access | CVE-2025-54957 | Dolby Unified Decoder | Zero-click code execution in the media decoder context |
| Privilege escalation | CVE-2026-0106 | Pixel 10 VPU driver | Kernel memory access and elevation of privilege |
| Patch status | Patched | Android and Pixel updates | Fixed through January and February 2026 security updates |
The Dolby bug carried over from Pixel 9 research
Project Zero said adapting the Dolby exploit from Pixel 9 to Pixel 10 was fairly straightforward. Most of the work involved recalculating offsets for the Dolby library version used on Pixel 10.
The main complication came from Pixel 10’s use of Return Address Pointer Authentication, or RET PAC, instead of traditional stack-protector behavior. Because the older overwrite target was no longer available, researchers used a different function named dap_cpdp_init.
That change allowed the Dolby exploit to continue working on unpatched devices with a December 2025 security patch level or earlier. Project Zero said the Dolby vulnerability existed across Android until it was patched in January 2026.
The new VPU driver flaw replaced the old BigWave path
On Pixel 9, Project Zero used the BigWave driver for the privilege escalation stage. Pixel 10 does not ship with that driver, so researchers looked for another kernel driver reachable from the mediacodec SELinux context.
They found a new device at /dev/vpu. Project Zero said this driver interfaces with the Chips&Media Wave677DV video processing hardware on the Tensor G5 platform.
The researchers then audited the driver with Jann Horn and found the VPU memory mapping bug in about two hours. Project Zero described the flaw as unusually simple and highly powerful because it exposed large ranges of physical memory to user space.
Why the VPU bug was so serious
The vulnerable VPU mmap handler was meant to map the VPU hardware register region into user space. However, Project Zero said it did not properly limit the mapping size to that register region.
By requesting a mapping larger than the intended region, an attacker could map physical memory beyond the VPU registers. Project Zero said that included the kernel image and data regions because they sit at a higher physical address than the VPU register region.
The team said arbitrary read and write access to the kernel required only five lines of code, while a complete exploit took less than a day to build. That simplicity is why the researchers framed the bug as a major driver-security warning.
- The driver exposed /dev/vpu to the mediacodec context.
- The mmap handler used the requested VMA size without proper bounds.
- An oversized mapping could expose physical memory beyond the VPU register region.
- The Pixel kernel sits at a predictable physical address in this attack scenario.
- The bug gave researchers a path to kernel read and write access.
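The size check that the points above describe as missing can be modelled in user space. This is an added example, not code from the Pixel driver or from Project Zero; the struct, function names and the 64 KiB register window are hypothetical, and only the vm_start, vm_end and vm_pgoff fields mirror the Linux VMA a real mmap handler receives.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
/* Constructed size for a hypothetical register window (16 pages). */
#define REG_REGION_SIZE (64ULL * 1024)

/* The three caller-controlled values an mmap handler sees in the VMA. */
struct map_request { uint64_t vm_start, vm_end, vm_pgoff; };

/* Unbounded pattern: any non-empty range is accepted as requested. */
static bool unchecked_accepts(const struct map_request *r) {
    return r->vm_end > r->vm_start;
}

/* Bounded pattern: offset plus length must stay inside the register window. */
static bool bounded_accepts(const struct map_request *r, uint64_t region_size) {
    uint64_t region_pages = region_size >> PAGE_SHIFT;
    if (r->vm_end <= r->vm_start) return false;
    uint64_t len = r->vm_end - r->vm_start;
    if (len & ((1ULL << PAGE_SHIFT) - 1)) return false;  /* whole pages only */
    if (r->vm_pgoff >= region_pages) return false;       /* offset past window */
    /* Subtract instead of adding so a huge offset cannot wrap around. */
    return (len >> PAGE_SHIFT) <= region_pages - r->vm_pgoff;
}

/* Pages of unrelated physical memory an unbounded mapping would cover. */
static uint64_t pages_past_region(const struct map_request *r, uint64_t region_size) {
    uint64_t region_pages = region_size >> PAGE_SHIFT;
    if (r->vm_end <= r->vm_start) return 0;
    uint64_t req_pages = (r->vm_end - r->vm_start) >> PAGE_SHIFT;
    if (r->vm_pgoff >= region_pages) return req_pages;
    uint64_t avail = region_pages - r->vm_pgoff;
    return req_pages > avail ? req_pages - avail : 0;
}

int main(void) {
    /* Constructed requests: exact window, 1 GiB oversize, shifted offset. */
    struct map_request reqs[] = {
        {0x7000000000ULL, 0x7000000000ULL + REG_REGION_SIZE, 0},
        {0x7000000000ULL, 0x7000000000ULL + (1ULL << 30), 0},
        {0x7000000000ULL, 0x7000000000ULL + REG_REGION_SIZE, 1},
    };
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
        printf("req %zu: unchecked=%d bounded=%d pages_past=%llu\n", i,
               unchecked_accepts(&reqs[i]), bounded_accepts(&reqs[i], REG_REGION_SIZE),
               (unsigned long long)pages_past_region(&reqs[i], REG_REGION_SIZE));
    return 0;
}
```

In a Linux driver, the kernel helper vm_iomap_memory() applies the same offset and length checks against a given region before remapping it, which makes it a useful thing to look for when reviewing an mmap handler.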
Patch timeline and affected devices
Project Zero reported the VPU driver vulnerability on November 24, 2025. Google’s Android Vulnerability Reward Program rated it High severity.
The issue was patched 71 days later in the February 2026 Pixel security bulletin. Google listed the fix as CVE-2026-0106, an elevation-of-privilege vulnerability in the VPU Driver.
Google’s February Pixel bulletin says security patch levels of 2026-02-05 or later address the issues listed in that release for supported Pixel devices. That means Pixel 10 users should check for at least that patch level, and preferably install the latest available update.
| Issue | Patch release | What users need |
|---|---|---|
| Dolby Unified Decoder flaw | January 2026 Android security update | Android security patch level 2026-01-05 or later |
| Pixel 10 VPU driver flaw | February 2026 Pixel security update | Pixel security patch level 2026-02-05 or later |
| Full protection from this disclosed chain | Latest Pixel update | Install the newest system update available |
Why zero-click media bugs matter
Zero-click attacks are dangerous because they do not require the target to tap a link, open an attachment, or install an app. The device processes malicious content automatically before the user sees it.
Project Zero’s Pixel 9 research highlighted how AI-powered and convenience features can increase attack surface. Audio transcription, search indexing, and media preview features often require the phone to parse content in the background.
That does not mean these features are unsafe by default. It does mean vendors need strong sandboxing, driver isolation, fuzzing, and review processes around every parser and hardware driver that handles untrusted content.
What Pixel users should do now
Pixel 10 owners should update their phones immediately if they have not already installed the February 2026 Pixel update or a newer release. The safest option is to install the latest available Pixel security update, not just the minimum patch that fixed this chain.
Users can check their patch level from Android settings. A device with a recent Pixel update should not be vulnerable to the disclosed Project Zero chain.
There is no public evidence in Project Zero’s disclosure that this Pixel 10 exploit chain was used against users in the wild. Still, the research shows why delayed updates create risk, especially for journalists, executives, activists, developers, and other high-value targets.
- Open the phone’s Settings app.
- Go to Security and privacy.
- Check the Android security update and Pixel system update status.
- Install every available update.
- Restart the device after updating.
- Keep automatic system updates enabled where possible.
What this means for Android security
The Pixel 10 research shows both progress and a recurring problem. Google patched the VPU driver issue within 71 days, which Project Zero called a meaningful improvement for Android driver bug handling.
At the same time, the flaw itself was simple. Project Zero said the vulnerable VPU driver came from the same developer group that built the earlier BigWave driver used in the Pixel 9 chain.
This points to a broader lesson for the Android ecosystem. Fast patching helps users, but stronger secure development practices can stop shallow driver bugs from shipping in the first place.
FAQ
Google Project Zero disclosed a research exploit chain that moved from a Dolby zero-click media decoder vulnerability to kernel-level control on Pixel 10 by exploiting a VPU driver flaw.
The chain used CVE-2025-54957 in the Dolby Unified Decoder for the zero-click entry point and CVE-2026-0106 in the Pixel 10 VPU driver for privilege escalation.
Pixel 10 devices with current security updates should be protected against the disclosed chain. The Dolby issue was patched in the January 2026 Android update, and the VPU driver issue was patched in the February 2026 Pixel update.
Project Zero presented the chain as security research on patched issues. The disclosure did not state that attackers had used this Pixel 10 exploit chain in the wild.