Exploitation for Priv-Esc × Google Pixel 10

A publicly-reported instance of Exploitation for Priv-Esc bypassing Google Pixel 10, recorded with its original source. Factual record; no assessment of any specific deployment.

Product

Google Pixel 10

Technique

Exploitation for Priv-Esc

MITRE ATT&CK

T1068

Confidence

High

Severity

Critical

Status

poc

Disclosed

2026-05-22

Config / version noted

Not stated

Provenance

hackaday.com
disclosed 2026-05-22 · original source · via brave

Reported as

Google's Project Zero developed a zero-click exploit chain targeting Pixel 10 phones, achieving full escalation from remote access to kernel-level compromise without user interaction.

Mechanism

A zero-click remote exploit chain that escalates privileges from an initial remote entry point to kernel-level access on Pixel 10 devices, bypassing all user interaction requirements and likely leveraging vulnerabilities in baseband, messaging, or media processing components.

Detection & mitigation

Monitor for unexpected privilege escalation events (e.g., new root processes, kernel module loads, or unauthorized capability assignments) via EDR and kernel audit logs. Mitigate by ensuring timely patching of baseband, messaging, and media components, and enable exploit mitigations like Control Flow Integrity (CFI) and sandboxing.

Exploitation for Priv-Esc has also been recorded against

Apple Atlassian Bitdefender Broadcom (Symantec)Comodo Security ConnectWise CrowdStrike Elastic ESET F5 Fortinet HitmanPro

This is a record of a publicly-reported event, not an assessment of any specific organization's deployment. Detection and mitigation notes are drawn from the cited source. Where the source is silent, fields are omitted.