Pixel 10 Hit by Full 0-Click Exploit Chain — What Devs Need to Know

├── "MTE raises exploitation cost but does not provide immunity — well-funded attackers can still bypass it"
│  ├── Google Project Zero (Project Zero Blog) → read

The write-up demonstrates a full 0-click chain working against the Pixel 10 with hardware MTE enabled, proving that MTE's memory corruption mitigations can be circumvented. The detailed exploit walkthrough shows each stage — remote entry, sandbox escape, privilege escalation, and persistence — succeeding despite MTE enforcement on the Tensor G5.

│  └── top10.dev editorial (top10.dev) → read below

The editorial argues this exploit forces a 'recalibration' of how much protection MTE actually provides in adversarial conditions. While acknowledging MTE raises exploitation cost substantially, it emphasizes that cost is not impossibility, and state-sponsored groups and commercial spyware vendors operate on budgets where 'substantially harder' still means feasible.

├── "If the Pixel 10 falls, the entire Android ecosystem is at risk since every other device has strictly weaker defenses"
│  └── top10.dev editorial (top10.dev) → read below

The editorial emphasizes that the Pixel 10 is Google's reference device for Android security — it gets patches first, runs the tightest SELinux policies, and has the first consumer SoC with full hardware MTE. A successful 0-click chain against this best-case device means every other Android phone is operating with strictly weaker defenses.

└── "Google deserves credit for transparently disclosing exploit chains against its own flagship hardware"
  └── @happyhardcore (Hacker News, 273 pts)

By surfacing the Project Zero write-up, the submission highlights Google's practice of publishing detailed exploit research against its own products. The post attracted 273 points and 115 comments, suggesting the community values this level of transparency from a major vendor about vulnerabilities in its current flagship device.

What happened

Google's Project Zero team published a detailed write-up of a complete 0-click exploit chain targeting the Pixel 10 — Google's current flagship running the Tensor G5 chipset and Android 16. The chain achieves remote code execution without any user interaction: no tapped links, no opened attachments, no permissions dialogs. The attacker sends a crafted payload, and the device is compromised silently.

A 0-click chain against the Pixel 10 is significant because this is the device Google holds up as its reference for Android security. The Pixel line gets patches first, runs the tightest SELinux policies, and the Tensor G5 is the first consumer SoC to ship with full hardware Memory Tagging Extension (MTE) enforcement. If the Pixel 10 falls, every other Android device is operating with strictly weaker defenses.

The write-up, which runs to several thousand words of meticulous technical detail in Project Zero's trademark style, walks through each stage of the chain: initial remote entry, sandbox escape, privilege escalation, and persistence. The Hacker News discussion surged past 270 points, with security researchers and Android developers dissecting the implications.

Why it matters

### The MTE question

ARM's Memory Tagging Extension was supposed to be the mitigation that made memory corruption exploits dramatically harder on mobile. Google invested heavily in enabling MTE across the Tensor G5's firmware and userspace, and published research in 2025 showing it caught 90%+ of heap corruption bugs in testing. This exploit chain working against a device with hardware MTE enabled forces a recalibration of how much protection MTE actually provides in adversarial conditions.

That doesn't mean MTE is useless — far from it. MTE raises the cost of exploitation substantially. But cost is not impossibility, and well-funded attackers (state-sponsored groups, commercial spyware vendors) operate on budgets where "substantially harder" still means "feasible." The chain likely required significant effort to develop, potentially involving deterministic approaches that sidestep MTE's probabilistic tag checks, or targeting components where MTE coverage has gaps.

### The 0-click attack surface

The fundamental problem with 0-click exploits is architectural: modern phones must process untrusted data from the network before the user makes any decision. RCS messages, SMS, Wi-Fi probe responses, Bluetooth advertisements, NFC tags — all of these hit complex parsers running in privileged contexts. Every parser that touches untrusted input before user consent is 0-click attack surface, and reducing that surface is an unsolved systems design problem.

Google has been shrinking this surface for years. They moved media parsing into constrained sandbox processes, restricted baseband access, and hardened the RCS stack. But the attack surface is enormous, and attackers only need one path through. Project Zero's own research consistently demonstrates that the gap between "we hardened this" and "this is unexploitable" remains vast.

### The ecosystem lag

Pixel devices got the patch promptly — Google controls the full stack. But the Android ecosystem's fragmentation means Samsung, OnePlus, Xiaomi, and dozens of other OEMs will take weeks to months to ship the fix. Some devices will never receive it. The real vulnerability window isn't the time between Project Zero's discovery and Google's patch — it's the months-long tail where billions of non-Pixel Android devices remain exposed.

This is the same structural problem the Android ecosystem has failed to solve for over a decade. Project Treble, Project Mainline, and Google Play system updates have all narrowed the gap, but none have closed it. When a 0-click chain is public, the clock is ticking for every unpatched device.

What this means for your stack

### If you build Android apps

Audit any code that parses untrusted media or messages. If your app registers intent filters for file types, URIs, or content providers that accept external input, you share the same attack surface that 0-click chains target. Fuzz your parsers. Use AddressSanitizer and MemorySanitizer in your test pipeline. If you're doing native code (NDK), enable MTE in your test builds on Pixel 10 hardware — it won't catch everything, but it catches a lot.

Consider whether your app truly needs to process data in the background without user interaction. Every background service that parses network data is a potential 0-click entry point. The principle of least processing applies: don't parse what you don't need to parse, and defer complex parsing until the user explicitly opens the content.
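To make the advice above concrete, here is an added example (not code from the Project Zero write-up or from Google) of the kind of parser these paragraphs are about: a constructed record format in C, the unchecked version beside the bounds-checked one, and a libFuzzer entry point to drop into a CI pipeline. The record format, function names and sample messages are invented for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed record format for illustration only (not a real RCS/SMS/MMS encoding):
 * a message is a run of records, each 1-byte type, 1-byte length, then `length` bytes.
 * Type 0x01 carries text; every other type is opaque to this receiver. */
#define REC_TEXT 0x01
#define MAX_TEXT 32
/* VULNERABLE "before": trusts the sender-supplied length field. A fuzzer under ASan
 * (or MTE on Pixel 10 hardware) flags the over-read and overflow here within seconds. */
size_t extract_text_unchecked(const uint8_t *msg, size_t len, char *out) {
    size_t i = 0, n = 0;
    while (i + 2 <= len) {
        uint8_t type = msg[i], rlen = msg[i + 1];
        i += 2;
        if (type == REC_TEXT) { memcpy(out + n, msg + i, rlen); n += rlen; }
        i += rlen;                   /* rlen may exceed the bytes actually received */
    }
    return n;
}
/* HARDENED: every length is checked against what remains of the input and of the
 * destination before it is used. Returns bytes of text written, or -1 if malformed. */
int extract_text(const uint8_t *msg, size_t len, char *out, size_t out_cap) {
    size_t i = 0, n = 0;
    while (i < len) {
        if (len - i < 2) return -1;                /* truncated record header */
        uint8_t type = msg[i], rlen = msg[i + 1];
        i += 2;
        if (rlen > len - i) return -1;             /* claimed length overruns the message */
        if (type == REC_TEXT) {
            if (rlen > out_cap - n) return -1;     /* would overflow the output buffer */
            memcpy(out + n, msg + i, rlen);
            n += rlen;
        }
        i += rlen;                                 /* unknown types are skipped, never parsed */
    }
    return (int)n;
}
/* Constructed samples: one valid message and two malformed ones a fuzzer would find. */
static const uint8_t SAMPLE_OK[]       = {0x01,5,'h','e','l','l','o', 0x07,2,0xAA,0xBB, 0x01,1,'!'};
static const uint8_t SAMPLE_OVERREAD[] = {0x01,16,'a','b'};   /* claims 16 bytes, carries 2 */
static const uint8_t SAMPLE_TRUNC[]    = {0x01};              /* header cut short */
/* libFuzzer entry point: build with clang -fsanitize=fuzzer,address for CI, or with
 * -fsanitize=memtag-heap -march=armv8-a+memtag for an MTE test build on Pixel 10. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    char out[MAX_TEXT];
    (void)extract_text(data, size, out, sizeof out);
    return 0;
}
```

The hardened parser also applies the "least processing" rule: record types it does not understand are skipped by length, never decoded.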

### If you manage device fleets

This is a concrete argument for Pixel-only policies in high-security environments. Not because Pixels are unbreakable — this chain proves otherwise — but because they patch fastest. If your threat model includes targeted attacks, the patch-to-deploy latency of your device fleet is a first-order security metric. Measure it. Report on it. Make procurement decisions based on it.

### If you work on security tooling

The sophistication of this chain reinforces that mobile exploit detection needs to move beyond signature-based approaches. Behavioral detection — anomalous process spawning, unexpected network connections from system services, unusual memory access patterns — is the only realistic path to catching 0-days in the wild. If you're building endpoint detection for mobile, this write-up is a blueprint for what your tool needs to spot.

Looking ahead

Project Zero's disclosure continues a pattern: the most important security research comes from the teams with the resources and mandate to go deep. This write-up will be studied by defensive and offensive researchers alike for months. The immediate action is patching, but the deeper lesson is structural. Until the industry solves the "untrusted input hits complex parsers before user consent" problem — and that likely requires rethinking fundamental OS architecture, not just adding mitigations — 0-click chains will keep appearing. The question isn't whether the next one will be found, but whether defenses will have evolved enough to make the next one harder than this one.

Hacker News 438 pts 234 comments

A 0-click exploit chain for the Pixel 10

krupan · Hacker News

I followed the link to the Pixel 9 bug/exploit and saw this: "Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One effect of this change is increased 0-click attack surface, as efficient an

greesil · Hacker News

"This is notably fast given that this is the first time that an Android driver bug I reported was patched within 90 days of the vendor first learning about the vulnerability." This makes me feel better about Google, but also makes me kind of frightened of the rest of Android. I wonder what

revolvingthrow · Hacker News

Semi-related: has the rate of published exploits picked up as of late, or is it simply the fact that there's hype around ai as security tool (offense or defense) so it's simply in the news more often? Feels like there's something new every other day - linux, windows, mobile, various commonplace tools

shay_ker · Hacker News

Hmmm... I'd like someone to double check my thinking here. I posted this exact prompt for gpt 5.5 xhigh:

```
does this look right to you? don't do any searches or check memory, just think through first principles
static int vpu_mmap(struct file fp, struct vm_area_struct vm) { unsigned long pf
```

AmmyTang · Hacker News

I've run into similar issues before. The solution seems reasonable, but I'm skeptical about the claimed performance improvements.
