cybersecuritynews.com via Reddit

Google Project Zero exposes silent Pixel 10 root chain

google cybersecurity android-security

Key insights

  • Two chained flaws in Dolby's UDC audio layer and Google's Tensor G5 VPU driver enable zero-click silent rooting of Pixel 10 with no user interaction.
  • The Tensor G5 VPU driver exploit required only five lines of code and was fully weaponized by researchers in under 24 hours.
  • Pixel 10 devices running the December 2025 Android security patch level or earlier remain unpatched and exposed to the full exploit chain.

Why this matters

Zero-click exploit chains targeting first-party silicon signal that custom chip programs at Google, Apple, and others introduce kernel-level attack surfaces that external security teams cannot audit before general availability. The five-line VPU exploit weaponized in under 24 hours sets a low replication bar for threat actors after public disclosure, compressing the window between patch release and active exploitation. For AI and hardware teams building on custom accelerator silicon, this disclosure makes a direct case that VPU and NPU driver code requires the same adversarial review as core kernel interfaces.

Summary

Google Project Zero publicly chained two vulnerabilities to silently root Pixel 10 devices with no user interaction, combining a recycled Dolby audio flaw with a newly found bug in Google's own Tensor G5 VPU driver. The Dolby flaw, CVE-2025-54957, had already been exploited against Pixel 9 hardware. Researchers then discovered a memory-mapping vulnerability in the Tensor G5 VPU driver so accessible that five lines of code exposed large sections of physical kernel memory through a malformed mmap request. The VPU stage was fully weaponized in under a day. Google Project Zero and Google's Android Security team disclosed and patched the chain, but any device still on the December 2025 SPL or earlier remains fully exposed.

  • CVE-2025-54957 in Dolby's UDC audio-processing component served as the entry point, ported directly from Pixel 9 exploits.
  • The Tensor G5 VPU driver flaw converted a trivial malformed mmap call into full physical kernel memory access.
  • Fixes shipped across the February and May 2026 Android security updates.

First-party silicon like the Tensor G5 creates attack surface that sits outside the traditional component-vendor patch pipeline, and this disclosure makes that gap concrete.
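As an added, defender-side example that is not part of the article: a fleet triage of Pixel 10 devices by Android security patch level, run over constructed `adb shell getprop` output and using only the thresholds the article states (December 2025 SPL or earlier exposed; fixes in the February and May 2026 updates). The property names are the standard Android build properties; the sample devices are made up.

```python
# Added example (not from the article): triage Pixel 10 devices by Android SPL
# against the windows the article states, over constructed getprop output.
import re
from datetime import date

# Constructed sample: one `adb shell getprop` dump per device, blank-line separated.
SAMPLE_GETPROP = """\
[ro.product.model]: [Pixel 10]
[ro.build.version.security_patch]: [2025-12-05]

[ro.product.model]: [Pixel 10 Pro]
[ro.build.version.security_patch]: [2026-03-05]

[ro.product.model]: [Pixel 10]
[ro.build.version.security_patch]: [2026-05-05]

[ro.product.model]: [Pixel 9]
[ro.build.version.security_patch]: [2025-11-05]
"""

PROP_RE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<val>[^\]]*)\]$", re.M)
LAST_EXPOSED_SPL = date(2025, 12, 31)  # "December 2025 SPL or earlier" is exposed
FULL_FIX_SPL = date(2026, 5, 1)        # second fix landed in the May 2026 update

def parse_getprop(dump: str) -> list[dict]:
    """Split a multi-device getprop dump into one {key: value} dict per device."""
    devices = []
    for block in dump.strip().split("\n\n"):
        props = {m["key"]: m["val"] for m in PROP_RE.finditer(block)}
        if props:
            devices.append(props)
    return devices

def classify(props: dict) -> str:
    """Return 'exposed', 'verify', 'patched' or 'n/a' for one device."""
    if not props.get("ro.product.model", "").startswith("Pixel 10"):
        return "n/a"       # only the Pixel 10 family is in scope for this chain
    spl = date.fromisoformat(props["ro.build.version.security_patch"])
    if spl <= LAST_EXPOSED_SPL:
        return "exposed"   # full zero-click chain works against this SPL
    if spl < FULL_FIX_SPL:
        return "verify"    # between the two fixes: not confirmed fully patched
    return "patched"

def triage(dump: str) -> dict[str, int]:
    """Count devices per status, as a patch-compliance report would surface them."""
    counts = {"exposed": 0, "verify": 0, "patched": 0, "n/a": 0}
    for props in parse_getprop(dump):
        counts[classify(props)] += 1
    return counts
```

Devices in the `verify` bucket carry at least one of the two fixes according to the article's timeline but cannot be confirmed fully patched from the SPL alone.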

Potential risks and opportunities

Risks

  • Pixel 10 devices in enterprise and government fleets still on the December 2025 SPL remain silently rootable until patches are fully deployed, creating a targeted-attack window for state-sponsored actors before the May 2026 updates propagate
  • Dolby Technologies faces contractual and reputational exposure as CVE-2025-54957 surfaces across a second device generation, raising questions about whether the flaw was fully remediated at the component level after the Pixel 9 disclosure
  • Other Android OEMs using Qualcomm or MediaTek VPU drivers may carry parallel mmap-class vulnerabilities now that the attack pattern and minimal proof-of-concept code are publicly documented

Opportunities

  • Mobile EDR vendors (Lookout, Zimperium, CrowdStrike Falcon for Mobile) can use this disclosure to accelerate enterprise deals around patch-lag risk detection and kernel-level threat visibility on Android fleets
  • MDM and patch compliance providers (Jamf, Microsoft Intune, VMware Workspace ONE) gain direct leverage to enforce minimum SPL policies in government and regulated-industry contracts citing this specific chain
  • Firmware and silicon security audit firms gain a concrete, publicly documented case study to justify mandatory pre-launch VPU and NPU driver reviews in Google, Qualcomm, and Apple silicon development programs

What we don't know yet

  • Whether any threat actor exploited CVE-2025-54957 against Pixel 10 in the window between December 2025 exposure and the May 2026 patch shipment
  • Which third-party OEMs share the Tensor G5 VPU driver codebase and whether they received coordinated disclosure and patches on the same timeline
  • How long the Tensor G5 VPU mmap vulnerability existed before Project Zero identified it, and whether Google's internal red team had prior visibility