A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave

Summary

Google Project Zero researchers discovered a zero-click exploit chain for the Pixel 9, detailing how the mediacodec sandbox is escaped using a vulnerability in the BigWave driver. The BigWave driver, intended to accelerate AV1 decoding, was found to have multiple bugs, one of which allows arbitrary kernel read/write access. This exploit bypasses the intended security constraints of the mediacodec SELinux context.

IFF Assessment

FOE

The discovery of a zero-click exploit chain allowing arbitrary kernel read/write is bad news for defenders.

Severity

9.0 Critical (AI Estimated)

Defender Context

This highlights the ongoing risk of vulnerabilities in hardware drivers, especially those exposed to userland contexts. Defenders should monitor for exploit attempts targeting the BigWave driver and ensure timely patching when updates are released. The trend of privilege escalation bugs being found in Android hardware drivers continues to be a significant concern.