A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens
Summary
Google Project Zero researchers have detailed a zero-click exploit chain for the Google Pixel 10, demonstrating the ability to achieve root access on Android with two exploits. This chain was adapted from an existing exploit for the Pixel 9, with modifications made to account for the Pixel 10's use of RET PAC instead of -fstack-protector.
IFF Assessment
This article details a successful exploit chain that allows attackers to gain root access on Pixel devices, posing a significant threat to user security.
Severity
This exploit chain targets a zero-click vulnerability leading to root access, which is a critical impact. The attack vector is likely network-based (or requires no user interaction), and the exploitability is high given the success in creating a chain.
Defender Context
Defenders should be aware of the ongoing threat posed by zero-click exploit chains, particularly for mobile devices. Prompt patching of known vulnerabilities, such as the one patched in January 2026, is crucial, and understanding attack vectors that bypass user interaction is key to developing effective defenses.