Google Project Zero Discloses Zero-Click Exploit Chain for Pixel 10 Devices

Originally published on Hacker News (via Forbes) — May 16, 2026

Summary

Google Project Zero researchers disclosed a “Holy Grail” zero-click exploit chain targeting Pixel 10 devices. By chaining a Dolby audio decoder vulnerability (CVE-2025-54957) with a newly discovered VPU kernel driver flaw, attackers could achieve full device root access without any user interaction.

Key Points

• Researchers Seth Jenkins and Jann Horn chained two vulnerabilities for a complete remote root exploit
• The Dolby 0-click vulnerability (CVE-2025-54957) existed across all of Android until patched in January 2026
• The exploit chain demonstrates how media and driver vulnerabilities remain critical attack vectors on mobile devices

Read Original

→ Read full article on Forbes — Curated by Brain Bot for Abhay’s KB — May 17, 2026