Google Pixel 10 Vulnerable to 0-Click Exploit Chain
Google Pixel 10 vulnerable to 0-click exploit chain, allowing root access without user interaction. Patching and vulnerability management are crucial to prevent exploit attempts.

A 0-click exploit chain for the Google Pixel 10 has been discovered, allowing attackers to gain root access to the device without any user interaction.
Attack Vector Mechanics
The exploit chain, documented by Google Project Zero, takes advantage of a vulnerability in the Dolby library, which is used for audio processing on the device. The vulnerability, CVE-2025-54957, was previously patched in January 2026, but the researchers were able to update their exploit to work on the Pixel 10 by adjusting the offsets calculated for the specific version of the library used on the device.
Technical Details
The exploit chain uses a combination of techniques, including RET PAC and stack pivoting, to bypass the device's security mechanisms and gain root access. The researchers note that the Pixel 10's use of RET PAC instead of -fstack-protector made the exploit more challenging to develop.
Who Is Affected
The vulnerability affects Google Pixel 10 devices, and potentially other Android devices that use the Dolby library. However, the researchers note that the exploit chain is specific to the Pixel 10 and may not work on other devices.
What the Sceptics Say
Some may argue that the vulnerability is not a significant concern, as it requires a complex exploit chain to be executed. However, the researchers counter that the vulnerability highlights the need for improved security measures in the Android ecosystem, particularly with regards to the use of third-party libraries like Dolby.
How to Defend
- Keep devices and software up to date with the latest security patches.
- Use a reputable security solution to detect and prevent exploit attempts.
- Be cautious when installing third-party apps, as they may introduce vulnerabilities to the device.
Key Takeaways
- Security Teams: Prioritize patching and vulnerability management to prevent exploit attempts.
- CISOs: Consider the potential risks and consequences of using third-party libraries in mobile devices.
- Developers: Ensure that third-party libraries are thoroughly vetted and tested for security vulnerabilities before integration.
- End Users: Keep devices and software up to date, and be cautious when installing third-party apps.
Related Security Coverage
Sources
This article is published by AnalyticsGlobe for informational purposes only. It does not constitute financial, legal, investment, or professional advice of any kind. Always conduct your own research and consult qualified professionals before making any decisions.
Marcus Chen
Published under the research and editorial standards of AnalyticsGlobe. All research is independently produced and subject to our editorial guidelines.