Zero-Click Exploit Chain Discovered for Google Pixel 10

Zero-Click Exploit Chain Discovered for Google Pixel 10

First seen 15 May 2026, 23:23 UTC BloggerGbhackersCybersecuritynewsUk.News.Yahoowww.forbes.com 79% similarity 70.5

Article Content

Browse articles
ThreatCluster

Google's Project Zero disclosed a zero-click exploit chain for the Pixel 10, building on previous research for the Pixel 9. This exploit allows attackers to escalate privileges to root without user interaction by chaining two vulnerabilities, including a critical Dolby decoding bug. The vulnerability was labeled the 'Holy Grail of kernel vulnerabilities' due to its simplicity and potential impact. Fortunately, Google patched this vulnerability in the February 2026 security bulletin, 71 days after it was reported. The exploit can only affect unpatched devices running the December 2025 security patch or earlier. Researchers emphasized the need for improved security practices in Android driver development to prevent such vulnerabilities.

Key Points: • Project Zero discovered a zero-click exploit chain for the Pixel 10, allowing root access. • The vulnerability was patched in February 2026, 71 days after initial reporting. • The exploit leverages a Dolby decoding bug and a vulnerable video processing driver.

ThreatCluster AI

Timeline

2025-10-20
CVE-2025-54957 published
A vulnerability affecting Dolby decoding was disclosed, impacting multiple Android devices.
Article 1
2025-10-30
First public PoC for CVE-2025-54957
Proof of concept for the Dolby decoding vulnerability was made public, demonstrating exploitability.
Article 1
2026-02-01
Pixel 10 vulnerability patched
Google released a patch for the zero-click exploit chain in the February 2026 security bulletin.
Article 2
2026-05-13
Project Zero discloses exploit chain details
Researchers revealed the exploit chain for Pixel 10, highlighting its simplicity and impact.
Article 1
2026-05-16
Media coverage of exploit chain
Multiple news outlets reported on the exploit chain and its implications for Android security.
Article 2

Community

Browse all →