The chain begins with CVE-2025-54957, a critical flaw in the Dolby Unified Decoder (UDC) that was previously used against Pixel 9 devices.
When a target receives a crafted Dolby Digital Plus (DD+) audio stream via a voice message or audio attachment, the device processes it automatically, with zero interaction required. This turns ordinary media files into silent attack vectors.
For Pixel 10, Project Zero researcher Seth Jenkins adapted the existing Dolby UDC exploit by recalculating offsets for the updated library build.
The main obstacle was Pixel 10’s switch from classic stack-protector to return address pointer authentication (RET PAC), which eliminated the previous __stack_chk_fail overwrite primitive.
Jenkins worked around this by targeting dap_cpdp_init instead: an initialization function that runs only once can be safely overwritten without affecting normal decoding afterward.
This updated exploit works only on devices that haven’t applied the December 2025 or January 2026 Android security patches.
On Pixel 9, the second exploit stage relied on a BigWave AV1 driver bug. Pixel 10 dropped that driver but introduced a new one, /dev/vpu, which drives the Chips&Media Wave677DV video block on the Tensor G5 chip.
The same development team behind BigWave maintains this driver, making it a natural audit target.
In just two hours, Jenkins and colleague Jann Horn found a critical flaw in the VPU mmap handler.
The vulnerable code maps VPU physical memory into user space but never validates the requested mapping size:

```c
static int vpu_mmap(struct file *fp, struct vm_area_struct *vm)
{
    unsigned long pfn;
    struct vpu_core *core =
        container_of(fp->f_inode->i_cdev, struct vpu_core, cdev);

    vm_flags_set(vm, VM_IO | VM_DONTEXPAND | VM_DONTDUMP);
    vm->vm_page_prot = pgprot_device(vm->vm_page_prot);
    pfn = core->paddr >> PAGE_SHIFT;
    return remap_pfn_range(vm, vm->vm_start, pfn,
                           vm->vm_end - vm->vm_start,
                           vm->vm_page_prot) ? -EAGAIN : 0;
}
```

Because the handler passes the full VMA length (vm_end - vm_start) to remap_pfn_range without comparing it against the size of the VPU register block, an attacker can request an oversized mapping that extends well beyond the VPU registers, pulling in arbitrary physical memory, including the entire kernel image.
Since Pixel 10 places the kernel at a fixed physical address, no KASLR bruteforcing is needed. Project Zero built an arbitrary kernel read-write primitive in just five lines of code, completing a full exploit in under a day.
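To make the missing check concrete, the following userspace model contrasts the handler's behaviour with a bounds-checked version. This is an added example, not the Pixel 10 driver or Project Zero's code: the kernel structures are stubbed with only the fields the check needs, the `size` field on `vpu_core` is an assumed addition, and the physical base address, register-block size and user addresses are constructed values, not real Tensor G5 layout.

```c
#include <errno.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  (1UL << PAGE_SHIFT)

/* Stand-ins for the kernel structures the handler touches. Only the fields
 * the check needs are modelled; 'size' is an assumed field the real driver
 * would have to carry (e.g. from its platform resource). */
struct vm_area_struct {
    unsigned long vm_start;   /* user VA where the mapping begins */
    unsigned long vm_end;     /* user VA one past the end */
    unsigned long vm_pgoff;   /* mmap(2) offset argument, in pages */
};

struct vpu_core {
    unsigned long paddr;      /* physical base of the VPU register block */
    unsigned long size;       /* byte length of that block (assumed field) */
};

/* Mirrors the vulnerable handler: the remap length is whatever the caller
 * asked for, so the physical window becomes [paddr, paddr + len). */
static int vpu_mmap_vulnerable(const struct vpu_core *core,
                               const struct vm_area_struct *vm,
                               unsigned long *pfn, unsigned long *len)
{
    *pfn = core->paddr >> PAGE_SHIFT;
    *len = vm->vm_end - vm->vm_start;   /* never compared with core->size */
    return 0;                           /* remap_pfn_range() would follow */
}

/* Hardened handler: honour vm_pgoff and refuse any window that does not fit
 * inside the register block. The subtraction form avoids overflow in
 * off + want. */
static int vpu_mmap_checked(const struct vpu_core *core,
                            const struct vm_area_struct *vm,
                            unsigned long *pfn, unsigned long *len)
{
    unsigned long want = vm->vm_end - vm->vm_start;
    unsigned long off  = vm->vm_pgoff << PAGE_SHIFT;

    if (want == 0 || (want & (PAGE_SIZE - 1)))
        return -EINVAL;                 /* empty or unaligned request */
    if (off > core->size || want > core->size - off)
        return -EINVAL;                 /* window would leave the block */

    *pfn = (core->paddr + off) >> PAGE_SHIFT;
    *len = want;
    return 0;
}

/* Constructed scenario (not real Tensor G5 addresses): a 64 KiB register
 * block, a caller asking for 256 MiB, and a caller asking for one page. */
static const struct vpu_core demo_core = { .paddr = 0x1c000000UL,
                                           .size  = 64UL << 10 };
static const struct vm_area_struct demo_big = {
    .vm_start = 0x7f0000000000UL,
    .vm_end   = 0x7f0000000000UL + (256UL << 20),
    .vm_pgoff = 0 };
static const struct vm_area_struct demo_ok = {
    .vm_start = 0x7f0000000000UL,
    .vm_end   = 0x7f0000000000UL + PAGE_SIZE,
    .vm_pgoff = 0 };

/* Bytes of physical memory the vulnerable handler maps for the big request. */
unsigned long demo_vulnerable_len(void)
{
    unsigned long pfn, len;
    vpu_mmap_vulnerable(&demo_core, &demo_big, &pfn, &len);
    return len;
}

/* Return code of the hardened handler for the same oversized request. */
int demo_checked_big(void)
{
    unsigned long pfn, len;
    return vpu_mmap_checked(&demo_core, &demo_big, &pfn, &len);
}

/* Return code of the hardened handler for a one-page request that fits. */
int demo_checked_ok(void)
{
    unsigned long pfn, len;
    return vpu_mmap_checked(&demo_core, &demo_ok, &pfn, &len);
}

int main(void)
{
    printf("vulnerable: maps %lu bytes from 0x%lx (block is %lu bytes)\n",
           demo_vulnerable_len(), demo_core.paddr, demo_core.size);
    printf("checked:    256 MiB -> %d, 4 KiB -> %d\n",
           demo_checked_big(), demo_checked_ok());
    return 0;
}
```

The vulnerable path maps the full 256 MiB starting at the register base, which is exactly the window an attacker needs to reach whatever physical memory sits after the VPU block; the checked path rejects it with -EINVAL while still allowing a mapping that stays inside the block. Note that the original handler also ignores vm_pgoff entirely, so the fixed version has to account for it rather than assume the mapping always starts at paddr.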
Jenkins reported the VPU bug on November 24, 2025. Google shipped a fix 71 days later in the February Pixel security bulletin, the first time one of Jenkins’ Android driver bugs was patched in under 90 days, reflecting measurable improvement in Google’s triage pipeline.
Still, the research highlights a persistent problem: shallow, easily discoverable vulnerabilities continue to exist in vendor-maintained kernel drivers.
Project Zero urges OEMs to invest in systematic secure coding practices and proactive driver audits before such chains ever reach end users.
The post Google Project Zero Reveals Zero-Click Exploit Chain for Pixel 10 appeared first on Cyber Security News.