Zero-Click Exploit Chain Discovered for Google Pixel 10
Severity: High (Score: 71.0)
Sources: Blogger, Gbhackers
Summary
A zero-click exploit chain for the Google Pixel 10 has been detailed, allowing attackers to gain full kernel control via a vulnerable video processing driver. This exploit builds on the previously identified Dolby 0-click vulnerability (CVE-2025-54957), which was patched in January 2026. The exploit takes advantage of a driver that exposes hardware interfaces directly to userspace, permitting attackers to map physical memory into userland. The vulnerability affects unpatched Pixel 10 devices running software prior to the December 2025 security patch. The exploit chain demonstrates how quickly Google can patch critical issues, while also highlighting risks posed by vendor driver mistakes. The exploit is currently available for use against vulnerable devices.
Key Points
- A zero-click exploit chain for Pixel 10 allows full kernel control via a video driver vulnerability.
- The exploit builds on the previously patched Dolby vulnerability (CVE-2025-54957).
- Unpatched Pixel 10 devices running software prior to December 2025 are at risk.
Key Entities
- Zero-day Exploit (attack_type)
- CVE-2025-54957 (cve)
- CWE-125 - Out-of-bounds Read (cwe)
- CWE-787 - Out-of-bounds Write (cwe)
- T1068 - Exploitation for Privilege Escalation (mitre_attack)
- Android (platform)
- Linux (platform)
- Dolby 0-click Vulnerability (vulnerability)