Particle.news
Download on the App Store

Google Publishes June Android Security Bulletins With 122 Fixes and a 0‑Day

The updates patch critical flaws in system, framework and chipset code and use Google Play’s Project Mainline to deliver fixes to devices without timely OEM firmware updates.

Overview

  • Google’s June security release is split into two patch levels, 2026-06-01 and 2026-06-05, that together list roughly 122 fixed flaws including 15 critical issues and one reported zero-day.
  • The most serious bugs include framework elevation-of-privilege and denial-of-service flaws that affect Android 14 through 16-QPR2 and one remote code execution issue rated as high risk.
  • Google says at least one elevation-of-privilege bug (CVE-2025-48595) has been used in limited, targeted attacks while other reporting and Google have found no sign of widespread exploitation.
  • Dozens of hardware and kernel fixes cover vulnerabilities in chips and GPUs from Qualcomm, MediaTek, Unisoc and Imagination, and some of those fixes require vendor or OEM firmware updates to reach devices.
  • Two Google Play System (Project Mainline) updates are being shipped in June to patch MediaProvider and Documents UI elevation-of-privilege issues for devices running Android 10 or later, and users should install the 2026-06-01 and 2026-06-05 patch levels and check Play system updates.