GrapheneOS
Regarding the unpatched, potentially exploitable vulnerabilities in the Pixel 4a: CVE-2024-29745, CVE-2024-29748, CVE-2024-32896, and CVE-2024-34722.
Among these, the one that can be called a serious vulnerability with a high probability of execution is CVE-2024-29745. The ability to dump the entire RAM via USB from a Pixel 4a in an "AFU" (After First Unlock) state is extremely dangerous.
The mitigation method is quite simple: one could just set the device to auto-reboot every 2 to 4 hours.
The likely targets for this kind of exploit are figures like notorious terrorists or individuals under high-priority government surveillance. The probability of an ordinary person falling victim to this is extremely close to zero.
CVE-2024-34722 is an attack that exploits a BLE (Bluetooth Low Energy) vulnerability, which could succeed if the right conditions are met.
The likelihood of an ordinary person being targeted by this is also exceedingly low.
Who would be the targets? Perhaps highly anti-government journalists or well-known drug traffickers?
The way to avoid it is simply to not use BLE.
Besides, BLE is already well-known for having many reported vulnerabilities on other devices for years, so it's likely that individuals under surveillance, such as anti-government journalists or drug traffickers, would normally keep it turned off anyway.
For my usage scenario, these can't be called dangerous vulnerabilities at all. While it's true that they pose a serious risk for a very, very small number of people, the mitigation methods for all of them are quite simple, aren't they?