Back to Blog
Mobile Security

Pixel's 0-Click Chain, Part 3: What Google Learned About Android Patching

Project Zero's own 0-click exploit chain against Pixel 9 took just weeks to build — but fixing the two bugs behind it took over four months and exposed real cracks in how Android's supply chain patches shared components.

PyramidLedger Research5 min read
Share

Key Takeaways

  • Project Zero chained a Dolby audio-decoder bug (CVE-2025-54957) with a kernel driver flaw (CVE-2025-36934) into a 0-click exploit reachable via Google Messages' automatic transcription of incoming audio.
  • Patch propagation, not exploit difficulty, was the weak link: Dolby didn't ship binary fixes until October 8, 2025, Samsung patched November 12, and Pixel itself didn't ship a fix until January 5, 2026.
  • Mitigations that would have blocked or slowed the chain already exist on Pixel hardware — Memory Tagging Extension and functional kASLR — but aren't enabled by default for most users.
  • Google's own Threat Intelligence Group has tracked 16 Android driver vulnerabilities exploited in the wild since 2023, underscoring that kernel-driver bugs are an active, not theoretical, attack surface.

A research exploit chain, built to expose process gaps

In the third post of its Pixel 9 series, Google's Project Zero steps back from exploit mechanics to the ecosystem problems the work surfaced. The team built a real 0-click exploit chain against Pixel 9 devices, reachable because Google Messages automatically transcribes incoming audio messages before a user ever taps on them. The com.google.android.tts process does the same for searchability. Both decode audio using every decoder available on the device — not just the common formats an attacker would actually be sending — which is what pulled an obscure component, the Dolby Universal Decoder Container (UDC), into the 0-click attack surface in the first place.

Two bugs, found fast, weaponized in weeks

The chain combined a memory-corruption flaw in the Dolby UDC (CVE-2025-54957) with a kernel privilege-escalation bug in the "BigWave" driver (CVE-2025-36934). Both were found during a one-week internal hackathon: the UDC bug in under two days, the BigWave bug in under one. Turning the UDC bug alone into a working exploit took roughly eight person-weeks; a basic BigWave proof-of-concept took about three weeks. Project Zero's framing is blunt — getting from a 0-click audio message to kernel code execution required only two software defects, well within reach of a well-resourced attacker.

The patch timeline is the real story

Project Zero reported the UDC bug to Dolby on June 26, 2025, and the BigWave bug to Pixel on June 20, 2025. Dolby didn't provide binary patches until October 8, 2025, and Project Zero disclosed publicly on October 15. Samsung became the first mobile vendor to ship a fix, on November 12, 2025. Pixel itself didn't ship a patch until January 5, 2026 — roughly four months after Google was notified of its own device's exposure, and the BigWave kernel fix followed a day later. Dolby's advisory compounded the problem: it described the bug as needing to be chained with other known Pixel vulnerabilities (it didn't) and characterized the typical outcome as "a media player crash" — undercutting its severity. Android's own priority matrix initially rated the bug "Moderate"; Samsung rated the same flaw "Critical." Android has since updated its matrix for this bug class.

Structural fixes, not just faster patching

Project Zero's recommendations target the supply chain, not just this one bug. The Dolby UDC ships with most Android OEM builds but sits outside APEX, Android's mechanism for updating components independently of a full OS release — so even a fixed codec can't reach devices quickly. Pixel's own fuzzing infrastructure doesn't cover the UDC at all. On the mitigation side, kASLR has reportedly been non-functional on Pixel devices since 2016; working kASLR would have added roughly six weeks to exploitation. Memory Tagging Extension has shipped on Pixel 8 and later but is only enabled for users who opt into Advanced Protection mode, not by default. Notably, the same Dolby codec bug could not be exploited on Mac or iPhone, where the -fbounds-safety compiler flag blocked the out-of-bounds write outright.

Why this matters beyond one Pixel model

This isn't an isolated finding. Google's own Threat Intelligence Group has tracked 16 Android driver vulnerabilities exploited in the wild since 2023, so kernel-driver bugs of this kind are a live attacker vector, not a research curiosity. The broader lesson for anyone managing an Android fleet is that memory-safety mitigations (MTE, hardened compilers, seccomp policies), attack-surface reduction (dropping decoders nobody legitimately sends), and update mechanisms that reach third-party components fast all need to be default-on, not opt-in, before a similar chain shows up outside a research lab.

Frequently Asked Questions

What is a 0-click exploit chain?

An exploit that compromises a device without any user interaction — no tap, no link click. In this case, simply receiving an audio message triggered automatic transcription, which decoded the audio and reached the vulnerable Dolby UDC component before the recipient did anything.

Which vulnerabilities did Project Zero use in the Pixel 9 chain?

A memory-corruption bug in the Dolby Universal Decoder Container (CVE-2025-54957), reached via automatic audio transcription in Google Messages, chained with a kernel privilege-escalation bug in the BigWave driver (CVE-2025-36934).

Why did it take so long to patch?

The bug crossed three separate parties — Dolby (the codec vendor), Google (Pixel), and Samsung (a licensee) — with Dolby not shipping binary fixes until October 8, 2025 and Pixel not patching until January 5, 2026, over four months after being notified and roughly two months after Samsung had already shipped a fix.

Sources

  1. 1A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?Google Project Zero
Share

Read next