TL;DR
Security researchers have demonstrated a zero-click exploit chain for Pixel 10, exploiting Dolby library vulnerabilities and a driver flaw. The exploit works only on unpatched devices and highlights ongoing Android security challenges.
Researchers have uncovered a zero-click exploit chain for the Pixel 10, leveraging vulnerabilities in Dolby libraries and a driver flaw, which could allow remote code execution without user interaction on unpatched devices.
The exploit chain was adapted from a previous vulnerability identified in Pixel 9, involving a Dolby CVE-2025-54957 bug patched in January 2026. The researchers updated the exploit for Pixel 10 by adjusting offsets in the Dolby library, which is used across Android devices. A key technical challenge was that Pixel 10 employs RET PAC instead of -fstack-protector, preventing direct overwrites of __stack_chk_fail. Instead, researchers used dap_cpdp_init, an initialization function called once during decoder setup, to facilitate exploitation.
Additionally, the researchers identified a new driver at /dev/vpu, used for hardware acceleration on Pixel 10’s Tensor G5 chip. This driver, related to Chips&Media’s WAVE677DV silicon, was found to contain an exceptionally simple yet severe vulnerability. Its mmap handler allows a user to map an arbitrary amount of physical memory into user space, enabling an attacker to access and modify kernel memory, including the entire kernel image. Exploiting this bug requires only five lines of code and was achieved in less than a day.
The researchers reported the VPU driver bug to Android on November 24, 2025. Android VRP rated it as high severity, and it was patched within 71 days in the February 2026 Pixel security bulletin, marking a faster response than previous driver bugs.
Why It Matters
This discovery underscores both progress and ongoing challenges in Android security. The rapid patching reflects improved triage processes, but the vulnerabilities highlight the persistent risks posed by driver flaws and hardware interfaces. The exploit chain demonstrates that unpatched Pixel 10 devices remain vulnerable to remote code execution, emphasizing the importance of timely updates for end-users.
Android security patch update for Pixel 10
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Background
In early 2026, researchers previously demonstrated a similar exploit chain for Pixel 9, exploiting a Dolby vulnerability patched in January. The current findings extend this work to Pixel 10, which introduces new hardware and security features like RET PAC. The discovery of the VPU driver flaw adds a new vector for privilege escalation, illustrating the evolving landscape of Android hardware security issues.
“The VPU driver flaw is exceptionally simple to exploit and can lead to kernel memory access with just a few lines of code.”
— Researcher involved in the discovery
“We prioritize rapid patching of high-severity vulnerabilities to protect users, as demonstrated by the swift fix of this driver bug.”
— Android security team representative
RXNMH 2+2 Pack for Google Pixel 10 Privacy Screen Protector & Camera Lens Protector, Support Fingerprint Unlock, Fit Lens Cutouts, Anti Spy Tempered Glass Film, Anti-dust, Easy Installation Tool
【25° Privacy Protection】Our pixel 10 privacy screen protector adopts advanced privacy protection optical tech, the screen is only…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What Remains Unclear
It is not yet clear whether other components of Pixel 10 or similar devices are vulnerable to related exploits. The full extent of the driver’s impact and whether additional hardware interfaces could be exploited remains unknown. The exploit chain demonstrated so far is limited to unpatched devices, and the effectiveness on fully patched units is unconfirmed.
![I-HONVA for Google Pixel 10 Case/Pixel 10 Pro Case Shockproof Dust/Drop Proof 3-Layer Full Body Protection [Without Screen Protector] Rugged Heavy Duty Cover for Pixel 10/10 Pro,Black](https://m.media-amazon.com/images/I/31UWOPUsI9L._SL500_.jpg)
I-HONVA for Google Pixel 10 Case/Pixel 10 Pro Case Shockproof Dust/Drop Proof 3-Layer Full Body Protection [Without Screen Protector] Rugged Heavy Duty Cover for Pixel 10/10 Pro,Black
Compatibility: Compatible with Google Pixel 10,Google Pixel 10 Pro 6.3 inch 2025, please attention this case without a…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What’s Next
Researchers plan to further analyze Pixel 10’s hardware and software security architecture to identify additional vulnerabilities. Android is expected to release more patches if new issues are discovered. Users are advised to update their devices promptly to mitigate risks.
ESET Mobile Security & Antivirus
Payment Protection – lets you to shop and bank safely online
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Key Questions
Can this exploit chain affect all Pixel 10 devices?
Only unpatched Pixel 10 devices are vulnerable. Devices with the latest security updates are not affected.
Is this exploit chain currently being used in real-world attacks?
There is no evidence to suggest active exploitation in the wild at this time; the research demonstrates a theoretical and proof-of-concept vulnerability.
What should users do to protect their devices?
Users should ensure their Pixel 10 devices are updated to the latest firmware released in the February 2026 security patch.
Could similar vulnerabilities exist in other Android devices?
Yes, hardware interfaces and driver vulnerabilities are common across Android devices, and similar flaws may be present elsewhere, underscoring the need for ongoing security audits.
