Project Zero showcased a new exploitation chain for Pixel 10
⚔️ Attack Techniques & Methods
Published: 2026-05-18, 13:03
Google Project Zero published an analysis of a zero-click exploit chain for Pixel 10: from a vulnerability in a Dolby component to full Android kernel access.
The core issue was in the /dev/vpu driver. A bug in vpu_mmap() allowed a process to map physical memory beyond the device's register region, including kernel memory. Since the Pixel kernel was located at a stable physical address, the researchers did not need to search for it in RAM — expanding the mapped region was enough.
Project Zero notes that arbitrary kernel memory read/write required only a few lines of code, and the full exploit was built in under a day.
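The class of bounds check whose absence the vpu_mmap() description implies, as an added example (not the Pixel driver's code and not Project Zero's): a user-space model of validating an mmap request against a device's register window. The `reg_window` struct, the function name and the addresses are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12u
#define PAGE_MASK_LOW ((1ull << PAGE_SHIFT) - 1)

/* Hypothetical register window; the values used below are constructed. */
struct reg_window {
    uint64_t phys_base; /* page-aligned physical base of the registers */
    uint64_t size;      /* length of the register region in bytes */
};

/*
 * Models the check an mmap handler needs before remapping device memory.
 * pgoff and len stand in for vma->vm_pgoff and vma->vm_end - vma->vm_start.
 * All arithmetic is done in pages so neither shift nor addition can wrap.
 * On success *pfn_out is the first page frame that may be mapped.
 */
bool mmap_request_ok(const struct reg_window *w, uint64_t pgoff,
                     uint64_t len, uint64_t *pfn_out)
{
    /* Round the window down: a partial trailing page is never exposed. */
    uint64_t win_pages = w->size >> PAGE_SHIFT;
    /* Round the request up: the mapping covers whole pages. */
    uint64_t req_pages = (len >> PAGE_SHIFT) + ((len & PAGE_MASK_LOW) != 0);

    if (len == 0)
        return false;
    if (pgoff >= win_pages)              /* start lies outside the window */
        return false;
    if (req_pages > win_pages - pgoff)   /* end runs past the window */
        return false;

    *pfn_out = (w->phys_base >> PAGE_SHIFT) + pgoff;
    return true;
}

int main(void)
{
    struct reg_window w = { 0x10000000ull, 0x10000ull }; /* 16 pages */
    uint64_t pfn = 0;

    printf("exact window:   %d\n", mmap_request_ok(&w, 0, 0x10000, &pfn));
    printf("one page extra: %d\n", mmap_request_ok(&w, 0, 0x11000, &pfn));
    printf("huge offset:    %d\n", mmap_request_ok(&w, UINT64_MAX, 0x1000, &pfn));
    return 0;
}
```

A handler without this check hands user space whatever physical range follows the registers, which is the condition the write-up describes.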