Google's elite Project Zero security team has done it again — this time turning the Pixel 10 into a case study for how hardware driver vulnerabilities can silently hand an attacker full root control of your phone, no taps required.
In a research post published May 13, Project Zero researcher Seth Jenkins detailed a complete zero-click exploit chain for the Pixel 10, building on the team's earlier, three-part Pixel 9 research series published in January 2026. That earlier work had demonstrated it was possible to go from a zero-click context to root on Android in just two exploits — and Jenkins wanted to see if the same was possible on Google's latest flagship.
The Entry Point: A Dolby Audio Bug, Repurposed
The first link in the chain is CVE-2025-54957, a vulnerability in the Dolby Unified Decoder (UDC) — a library for processing Dolby Digital audio formats that is integrated across Android, iOS, Windows, and media streaming devices.
The dangerous part: the Dolby UDC is part of the zero-click attack surface of most Android devices because incoming audio messages in Google Messages are transcribed before a user even opens them. A malicious audio file sent as a message triggers the exploit with no interaction from the target.
Adapting the Dolby exploit for Pixel 10 was straightforward, Jenkins noted. The main hurdle was that the Pixel 10 protects return addresses with RET PAC rather than -fstack-protector, and that different stack protection mechanism requires a workaround.
The Escalation: A Video Driver With No Boundaries
On the Pixel 9, the second exploit leveraged the BigWave AV1 decoder driver. That driver doesn't exist on Pixel 10. But Jenkins and collaborator Jann Horn found something worse. Working together, they spent just 2 hours auditing the VPU driver — used for video decoding on the Tensor G5 chip — and discovered an exceptional vulnerability.
The flaw in the driver's mmap handler is disarmingly simple: the driver calls remap_pfn_range based purely on the size of the VMA (virtual memory area), with no bound against the size of the hardware register region. A caller can therefore map as much physical memory as they want into userland, including the entire kernel image. Making matters worse, the kernel is always at the same physical address on Pixel, so an attacker knows exactly where it is relative to the returned mmap address, with no scanning required.
The result: achieving arbitrary read-write access to the kernel required just 5 lines of code, and the full exploit took less than a day to write.
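The missing bounds check described above, as an added userland model in C. This is not Google's driver code and not code from the Project Zero post. The struct and function names are hypothetical, VMA bounds are assumed page-aligned as they are in the kernel, and the checked version also validates the mapping offset, which goes beyond what the article states.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12

/* Userland model of what an mmap handler sees; all names are hypothetical. */
struct vma_model   { uint64_t vm_start, vm_end, vm_pgoff; };
struct mmio_region { uint64_t phys_base, size; };   /* register window */

/* Flawed pattern: mapping length is taken from the VMA alone. */
uint64_t len_unchecked(const struct vma_model *v, const struct mmio_region *r)
{
    (void)r;                       /* region size is never consulted */
    return v->vm_end - v->vm_start;
}

/* Hardened pattern: offset and length must both fit inside the window.
 * Returns true and fills *pfn and *len only when the request is in bounds. */
bool len_checked(const struct vma_model *v, const struct mmio_region *r,
                 uint64_t *pfn, uint64_t *len)
{
    uint64_t region_pages = r->size >> PAGE_SHIFT;
    uint64_t req_pages;

    if (v->vm_end <= v->vm_start)
        return false;
    req_pages = (v->vm_end - v->vm_start) >> PAGE_SHIFT;
    if (v->vm_pgoff > region_pages)              /* offset past the window */
        return false;
    if (req_pages > region_pages - v->vm_pgoff)  /* cannot wrap: pgoff <= region_pages */
        return false;
    *pfn = (r->phys_base >> PAGE_SHIFT) + v->vm_pgoff;
    *len = req_pages << PAGE_SHIFT;
    return true;
}

int main(void)
{
    struct mmio_region regs = { 0x40000000ULL, 0x10000 };  /* constructed: 64 KiB */
    struct vma_model ok  = { 0x7000000000ULL, 0x7000010000ULL, 0 };
    struct vma_model big = { 0x7000000000ULL, 0x7040000000ULL, 0 };  /* 1 GiB */
    uint64_t pfn, len;
    printf("unchecked grants %llu bytes\n", (unsigned long long)len_unchecked(&big, &regs));
    printf("checked ok=%d big=%d\n", len_checked(&ok, &regs, &pfn, &len),
           len_checked(&big, &regs, &pfn, &len));
    return 0;
}
```

In an in-kernel driver, the kernel's vm_iomap_memory() helper performs this kind of validation before the pages are remapped.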
One Bright Spot: Faster Patching
Jenkins reported the VPU bug on November 24, 2025, and it was patched 71 days later in the February Pixel security bulletin — notably the first time Android patched a driver bug Jenkins reported within 90 days. Compare that to the Pixel 9 Dolby chain, where the UDC vulnerability remained unpatched on Pixel for 82 days after public disclosure, and the BigWave driver bug took until January 6, 2026, to fix.
Progress — but Project Zero isn't satisfied. Jenkins noted that after flagging the BigWave driver issues, he had hoped the same development team would audit their other drivers. Five months later, a serious, extremely shallow vulnerability was immediately apparent in their VPU driver during a cursory review.
What Pixel 10 Users Should Do
The VPU vulnerability was patched in the February 2026 Pixel security update. If your device is running the February 2026 Security Patch Level (SPL) or later, you are protected. Check under Settings → About phone → Android security update. The Dolby exploit only affects devices on SPL December 2025 or earlier.
The deeper lesson here goes beyond any single bug fix: as Android packs in more AI-powered features that silently process incoming media, the zero-click attack surface keeps growing — and hardware driver security hasn't kept pace.