Security researchers adapt Pixel 9 exploit chain to target Google Pixel 10
By
happyhardcore
Sesame, salt, and substance. A flagship bake.
Summary
This article describes how security researchers adapted an exploit chain originally developed for the Google Pixel 9 to work on the Pixel 10. The exploit chain leverages a Dolby zero-click vulnerability (CVE-2025-54957) that existed across all Android devices until patched in January 2026. The researchers detail the process of updating their exploit for the Pixel 10, focusing on recalculating offsets and adapting to the new hardware. The article demonstrates that despite Google's security improvements in the Pixel 10, similar attack vectors remain exploitable.
Key quotes
· 5 pulledWe recently published an exploit chain for the Google Pixel 9 that demonstrated it was possible to go from a zero-click context to root on Android in just two exploits.
The Dolby 0-click vulnerability existed across all of Android, until it was patched in January 2026.
While we had an exploit chain for the Pixel 9, we wanted to see if it was possible to write a similar exploit chain for Pixel 10.
Altering our exploit for CVE-2025-54957 was fairly straightforward.
The majority of needed changes involved updating offsets calculated
You might also wanna read
Android Lock Screen Bypass via Google Gemini Deep Research Remains Unpatched on Pixel 6a Running Android 16
A security researcher discovered that a previously reported and supposedly patched Android lock screen bypass via Google Gemini's Deep Resea
infosecwriteups.com·2d ago
Google detects and blocks first known AI-assisted zero-day exploit
Google's Threat Intelligence Group has detected and stopped what it says is the first known zero-day exploit developed with AI assistance. T
The Verge·20d ago
Google reports first evidence of hackers using AI to develop zero-day security exploit
Google has reported evidence of hackers using AI to develop a zero-day security vulnerability, marking the first time the company has observ
politico.com·7h ago