PT-2026-46790

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description Insufficient policy enforcement in WebAuthentication allows a remote attacker who has compromised the renderer process to leak cross-origin data through a crafted HTML page...

PT-2026-46822

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description An inappropriate implementation in WebView allows a remote attacker to perform privilege escalation through the use of a crafted HTML page. Recommendations Update to version...

PT-2026-46824

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in Reader Mode allows a local attacker to bypass navigation restrictions through the use of a malicious file. Recommendations Updat...

PT-2026-46818

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description An inappropriate implementation in Android Autofill allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts how a document or...

PT-2026-46592

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description A race condition in the GPU component allows a remote attacker who has already compromised the renderer process to leak cross-origin data. This is achieved by using a special...

PT-2026-46563

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in Tab Group Sync allows a remote attacker to inject arbitrary scripts or HTML, leading to Universal Cross-Site Scripting UXSS, via...

PT-2026-46558

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in the Drag and Drop feature allows a remote attacker who has compromised the renderer process to potentially perform a sandbox...

PT-2026-46488

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description A use after free issue in the Input component allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free i...

PT-2026-46513

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description An inappropriate implementation in the Accessibility component allows a remote attacker to perform UI spoofing via a crafted HTML page. UI spoofing is a technique where an...

PT-2026-46461

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description A use after free issue in the UI allows a remote attacker to potentially exploit heap corruption, which occurs when a program continues to use a pointer after it has been...

PT-2026-46458

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description A heap buffer overflow exists in ANGLE, which is a compatibility layer that translates OpenGL ES calls to other graphics APIs. This issue allows a remote attacker who has...

PT-2026-46805

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description An inappropriate implementation in CustomTabs allows a local attacker to leak cross-origin data through the use of a crafted HTML page. Recommendations Update to version...

PT-2026-46774

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description Insufficient policy enforcement in CustomTabs allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. Recommendations Update to version...

PT-2026-46452

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description A use after free issue exists in WebAppInstalls, which allows a local attacker to execute arbitrary code by utilizing a malicious file. Use after free is a memory corruption...

PT-2026-46699

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description Incorrect security UI in the Contact Picker allows a remote attacker to perform UI spoofing via a crafted HTML page. UI spoofing is a technique where an attacker mimics a...

WhatsApp, Slack Notifications Could Hijack Google Gemini on Android

A single poisoned notification from WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could have hijacked Google Gemini's voice assistant on Android and made it open a victim's connected windows, fake a message from their boss, push the phone into a Zoom call, or quietly poison its long-term...

Exploit for CVE-2026-26897

EcoOnline EHS Android — Deep Link Validation Bypass → WebVie...

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any other app on the same phone could ask for the signed-in user's token and get it, then read email, open files, browse t...

PT-2026-46055

Name of the Vulnerable Software and Affected Versions DD-WRT affected versions not specified Description A stack-based buffer overflow exists in the UPnP service of certain DD-WRT router firmware. The issue occurs when the service incorrectly handles large ST:uuid values within crafted M-SEARCH...

Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited

Google on Monday released patches for 124 security vulnerabilities impacting its Android operating system for the month of June 2026, including one high-severity flaw in the Framework component that has come under active exploitation. Tracked as CVE-2025-48595 CVSS score: 8.4, the security flaw h...