The US government warning comes from the Known Exploited Vulnerabilities (KEV) listings that are managed by CISA (Cybersecurity and Infrastructure Security Agency). The advisory said, “Android Pixel contains an unspecified vulnerability in the firmware that allows for privilege escalation.” Privilege escalation would allow an attacker to use an app to capture information that normally would not be available to the bad actor.
GrapheneOS posts more information about the security update
To update your Pixel, go to Settings > System > Software updates and if you have an update pending, simply follow the directions. In a situation like this, we’d suggest that all Pixel users, whether they work for the U.S. government or not, update their phones right away.