Google’s June 2026 Android update fixes dozens of flaws, including a potentially exploited Framework vulnerability and critical system bugs.

Google’s June 2026 Android security release is one of the heavier patch cycles of the year, and it carries something that immediately separates it from routine monthly updates: a vulnerability that attackers were already using before the fix arrived.

The flaw in question, tracked as CVE-2025-48595, lives inside the Android Framework – the layer of APIs and system services that applications communicate with directly. Google’s bulletin notes there are indications the vulnerability has been involved in limited, targeted exploitation in the wild. It affects devices running Android 14, Android 15, Android 16, and Android 16 QPR2, and it is an elevation-of-privilege bug, meaning a successful attacker gains access beyond what they should have on a compromised device.

What the Critical Vulnerabilities Actually Cover

The zero-day is not the only serious issue addressed this month. The most severe fix in the June bulletin is CVE-2025-65018, a critical Framework vulnerability that could enable remote escalation of privilege without requiring any user interaction and without needing additional execution privileges on the target device. That combination – remote, no interaction, no preconditions – puts it at the top of the priority list for anyone assessing patch urgency across a device fleet.

The System component received its own round of critical attention. Four vulnerabilities – CVE-2026-0043, CVE-2026-0097, CVE-2026-21352, and CVE-2026-21353 – were patched for issues that could allow local privilege escalation without user input. These sit a step below the remote exploitation threshold but remain meaningful in any scenario where an attacker already has a foothold on the device.

Chipset-level fixes extend the scope further. Google incorporated security patches from Qualcomm, MediaTek, Imagination Technologies, and Unisoc into the June release. Qualcomm’s closed-source components account for three critical fixes on their own, tracked as CVE-2025-47392, CVE-2026-25276, and CVE-2026-25277. Kernel components also received patches, rounding out a bulletin that touches nearly every layer of the Android stack.

The June fixes ship through two security patch levels. The 2026-06-01 level covers the core Android vulnerabilities. The 2026-06-05 level folds in everything from the first level, plus the vendor-specific and kernel fixes. Devices showing the later patch level have received the complete set.

Play Store and Google Services Updates Running in Parallel

Alongside the security release, Google published its June 2026 Google System Services notes covering changes to Play Services and the Play Store that roll out independently from full OS upgrades.

The most visible change lands with Play Store version 51.7, which redesigns the dialogs that appear when users purchase or download apps. The refresh applies across phones, Android TV devices, and Android Auto systems. Google’s release notes describe it as a refreshed design in Play Store dialogs when getting or buying an app.

Pricing and promotional visibility also get an upgrade. Sale prices, discount details, and offer expiration dates now surface more prominently throughout the storefront – a change that affects how users encounter time-sensitive pricing rather than requiring them to find it.

Pre-registration handling sees a structural change as well. Previously, signing up for an upcoming app and enabling automatic installation when it launched were handled as separate steps. The June update consolidates both into a single flow. Users also gain access to new notification types, including alerts for monthly challenges and Loyalty MAX challenges delivered through Play Store pop-up banners.

A content discovery addition lets users find material related to apps they already have installed, accessible directly from installed app listing pages and through Play Collections.

Password Manager Gets Interoperability

Google Play Services version 26.21 introduces what may be the most practically significant feature in the June system update for users who manage credentials across multiple tools. Google Password Manager now supports importing and exporting passwords and passkeys between itself and third-party password managers through the Credential Exchange standard. For users who maintain credentials across different platforms or want to move away from or toward Google’s built-in manager, that interoperability removes a friction point that has historically made switching or syncing across tools unnecessarily complicated.

Rollout Timeline

Google System updates travel a different path than full Android OS upgrades, reaching Android phones, tablets, Wear OS devices, Android TV and Google TV hardware, Android Auto systems, and ChromeOS without requiring a full system update. As with previous monthly cycles, individual features may not reach all users simultaneously – appearance in release notes reflects availability beginning to roll out rather than universal deployment on a fixed date.

For the security patches specifically, the practical question for most users and device administrators is whether their hardware is receiving updates at all, and at what patch level. Devices stuck below the June patch levels remain exposed to the Framework vulnerability that was already being actively targeted before this bulletin shipped.

Research and Intelligence Sources: Android, Google

To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com 



🔒 Login or Register to continue reading