Google Project Zero Discloses Pixel 10 Zero-Click Exploit

Google Project Zero researchers disclosed a zero-click exploit chain affecting the Pixel 10 smartphone in May 2026 ^[1].

This discovery is significant because zero-click vulnerabilities represent the highest tier of security risk. Unlike traditional attacks, these exploits do not require a user to click a malicious link or open a compromised file to grant access to the device.

The research team identified the chain of vulnerabilities specifically targeting the Pixel 10 hardware and software ecosystem ^[1]. By bypassing standard security layers, an attacker could potentially gain unauthorized control over the device remotely. The disclosure aims to highlight the critical nature of this vulnerability so that necessary patches can be implemented ^[2].

While some reports have suggested the vulnerability may affect the Pixel 9, the primary disclosure from Project Zero and supporting reports from Forbes identify the Pixel 10 as the affected model ^[1], ^[2]. The Project Zero team typically follows a strict disclosure timeline to ensure vendors can address flaws before they are widely publicized.

This specific exploit chain allows for the complete compromise of the system without the owner ever knowing a breach occurred. Because the attack requires no one to interact with the device, it is often referred to in the security community as a "holy grail" for hackers ^[2].

Google has not yet detailed the specific technical mechanism of the exploit in the public disclosure, but the Project Zero team continues to monitor the situation to ensure a comprehensive fix is deployed across all affected Pixel 10 units ^[1].