You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
mobile patching
About this tag
Mobile patching on WindowsForum.com covers security updates for Android and iOS applications from Microsoft and Google, including Teams, Outlook, PowerPoint, and Chrome. Discussions highlight how vulnerabilities in mobile apps like information disclosure, spoofing, and tampering affect enterprise IT security boundaries. Topics include CVE-2026-42835 for Teams Android, CVE-2026-11019 and CVE-2026-11297 for Chrome Android, CVE-2026-42893 for Outlook iOS, and CVE-2026-41102 for PowerPoint Android. The content emphasizes that mobile patching now requires managing app updates, identity, and tenant hygiene as part of an integrated attack surface, moving beyond traditional Windows-focused security.
Google has disclosed CVE-2026-14114, a Chrome for Android vulnerability in the WebAppInstalls component that can allow a local attacker to spoof security-relevant interface information through a malicious file. Chrome identifies the issue as Low severity, but CISA-ADP assigns it a 7.5 HIGH CVSS...
Google disclosed CVE-2026-13932 on June 30, 2026, documenting a medium-severity flaw in Chrome on Android before version 150.0.7871.47 that could let a remote attacker, after compromising the renderer process, use a crafted HTML page to leak data across web-origin boundaries. The important...
Google disclosed CVE-2026-13807 on June 30, 2026, a high-severity use-after-free flaw in Chrome on iOS versions before 150.0.7871.47 that can let a remote attacker execute arbitrary code after persuading a user to perform specific interface gestures involving a malicious file. The vulnerability...
NVD published CVE-2026-13788 on June 30, 2026, with Chrome listed as the CVE source. The record describes a Critical use-after-free vulnerability in Google Chrome on Android versions earlier than 150.0.7871.47. A remote attacker could exploit it through a crafted HTML page to execute arbitrary...
Google Chrome for Android before version 150.0.7871.47 contains CVE-2026-14008, a medium-severity WebXR uninitialized-use flaw disclosed on June 30, 2026, that can let a remote attacker read potentially sensitive process memory when a user opens a crafted HTML page. Google’s Chrome Releases blog...
Microsoft disclosed CVE-2026-42835 on June 9, 2026, as a high-severity Microsoft Teams for Android information-disclosure vulnerability affecting versions from 1.0.0 before build 1.0.76.2026111302, with a Microsoft-provided fix now available through Google Play. The bug is not a Windows kernel...
CVE-2026-11019 is a medium-severity Google Chrome for Android flaw, published June 4, 2026 and last modified June 8, that affected versions before 149.0.7827.53 and could let a remote attacker with a compromised renderer spoof a domain through a crafted HTML page. The dry phrasing hides the real...
Google Chrome on Android before version 149.0.7827.53 contains CVE-2026-11297, a Reader Mode input-validation flaw disclosed on June 4, 2026, that can let a local attacker bypass navigation restrictions by using a malicious file. The bug is officially tagged as low severity by Chromium, but the...
Microsoft disclosed CVE-2026-42893 on May 12, 2026, as an Important-rated tampering vulnerability affecting Microsoft Outlook for iOS, with a fixed build listed as 5.2617.1 and customer action required through the App Store security update. The more interesting story is not merely that Outlook...
On May 12, 2026, Microsoft published CVE-2026-41102, an Important-rated spoofing vulnerability in Microsoft PowerPoint for Android caused by improper access control, with an official fix delivered through the Google Play Store as build 16.0.19822.20190 and customer action marked as required. The...