Welcome to my June 2026 Patch Monday newsletter.
This month we have updates from Adobe, Google for Chrome, Mozilla and Zoom.
Chrome had one of the largest updates I've seen so far so let's discuss that first. Over the past 30 days Google released 5 updates to Chrome. On May 27th they released a stable channel update that included 151 security fixes. That seemed pretty massive until June 2nd when another update was released that fixed 429 security flaws. In all my time covering 3rd party patches, this is by far the largest number of fixes I've seen for Chrome in a single update. Following that on June 8th there was another update for 74 fixes that included, at the time of release, a zero-day fix for CVE-2026-11645. Adding on the fixes from the most recent 2 updates and we have a total of 714 security flaw fixes for Chrome in the past 30 days! You will want to be sure to get those browsers restarted and updated especially with 73 of these updates being rated "Critical" by Google.
Adobe also had a few critical updates. Acrobat and Experience Manager Forms both had Critical Priority 2 updates. According to Adobe, this means they suggest applying the updates within 30 days of release. Adobe Campaign Classic and ColdFusion both had Critical Priority 1 updates. Adobe recommends these are updated within 72 hours of the release date. So, if you have these running in your environment, you will want to give them priority for testing and updates.
Besides these it was a fairly normal month for 3rd party patching. If there are any additional products you would like to see in the chart below, please let me know.
Be sure to browse the chart below and happy patching!
|
|
So, without further ado, here’s the chart of non-Microsoft 3rd party patches that affect Windows platforms in the past month.
|
Patch data provided by: |
|||||
|
Identifier |
Vendor/ |
Affected Versions |
Date Released |
Vulnerability Info |
Vender Severity / Our Recommendation |
|
Adobe Acrobat Reader |
Continuous 26.001.21651 and earlier |
6/9/2026 |
Arbitrary Code Execution, Application Denial of Service, Memory Exposure |
Critical Priority 2: Update within 30 days |
|
|
Adobe Campaign Classic |
v7: 7.4.3 build 9394 and earlier |
6/9/2026 |
Arbitrary Code Execution |
Critical Priority 1: Update within 72 hours |
|
|
Adobe ColdFusion |
2025 Update 8 and earlier |
6/9/2026 |
Arbitrary Code Execution, Privilege Escalation, Security Feature Bypass |
Critical Priority 1: Update within 72 hours |
|
|
Adobe Credentials SDK |
JS SDK |
6/9/2026 |
Application Denial of Service, Arbitrary File System Write |
Critical Priority 3: Update at admins discretion |
|
|
Adobe DNG SDK |
1.7.1 build 2536 and earlier |
6/9/2026 |
Arbitrary Code Execution, Memory Exposure |
Critical Priority 3: Update at admins discretion |
|
|
Adobe Dreamweaver |
21.7 and earlier |
6/9/2026 |
Arbitrary Code Execution, Arbitrary File System Read |
Critical Priority 3: Update at admins discretion |
|
|
Adobe Experience Manager |
AEM CS |
6/9/2026 |
Arbitrary Code Execution, Security Feature Bypass |
Important Priority 3: Update at admins discretion |
|
|
Adobe Experience Manager Forms |
6.5 SP1 and earlier |
6/9/2026 |
Arbitrary Code Execution |
Critical Priority 2: Update within 72 hours |
|
|
Adobe Format Plugins |
1.1.2 and earlier |
6/9/2026 |
Arbitrary Code Execution |
Critical Priority 3: Update at admins discretion |
|
|
Adobe InCopy |
21.3 and earlier |
6/9/2026 |
Arbitrary Code Execution |
Critical Priority 3: Update at admins discretion |
|
|
Adobe InDesign |
21.3 and earlier |
6/9/2026 |
Arbitrary Code Execution, Application Denial of Service, Memory Exposure |
Critical Priority 3: Update at admins discretion |
|
|
Adobe Substance 3D Sampler |
6.0.0 and earlier |
6/9/2026 |
Arbitrary Code Execution |
Critical Priority 3: Update at admins discretion |
|
|
Google |
Before 149.0.7827.155/.156 (Windows/Mac) |
6/17/2026 |
Heap Buffer Overflow, Inappropriate Implementation, Incorrect Security UI, Insufficient Policy, Insufficient Validation, Integer Overflow, Out of Bounds Read/Write, Race, Script Injection, Type Confusion, Uninitialized Use, Use After Free |
Update ASAP | |
|
Mozilla Thunderbird |
Before 152 |
6/16/2026 |
Arbitrary Code Execution, Denial of Service, Incorrect Boundary, Information Disclosure, Mitigation Bypass, Privilege Escalation, Sandbox Escape, Use After Free |
Update after testing |
|
|
Mozilla Firefox |
Before 152 |
6/16/2026 |
Arbitrary Code Execution, Clickjacking, Denial of Service, Incorrect Boundary, Information Disclosure, Integer Overflow, Mitigation Bypass, Privilege Escalation, Sandbox Escape, Use After Free |
Update after testing |
|
|
Mozilla Firefox ESR |
Before 140.12 |
6/16/2026 |
Arbitrary Code Execution, Denial of Service, Incorrect Boundary, Information Disclosure, Mitigation Bypass, Privilege Escalation, Sandbox Escape, Use After Free |
Update after testing |
|
|
Mozilla Firefox for iOS |
Before 152 |
6/16/2026 |
Arbitrary Code Execution, Cookie Injection, Data Leak, Rendering Issue |
Update after testing |
|
|
Mozilla Focus for iOS |
Before 151.3.1 |
6/9/2026 |
UXSS |
Update after testing |
|
|
Remote Control for Zoom Contact Center for Windows |
Before 7.0.0 |
6/9/2026 |
Insufficient Verification |
Sev High - Update after testing |
|
|
Zoom Workplace Mobile Clients |
Workplace and Meeting SDK for Android before 7.0.4 |
6/9/2026 |
Improper Authorization |
Sev High - Update after testing |
|
Thanks as always for reading and best wishes on security,
Randy Franklin Smith
Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2026 Monterey Technology Group, All rights reserved. You may forward this email in its entirety but all other rights reserved.
1162 Manus Chapel Road, Mill Springs, NC 28756
Note: We do our best to provide quality information and expert commentary but use all information at your own risk.