Thursday, 16 July 2026Live global desk
GlobalPulse
The world, tracked in motion
Tech & Science

Tech giants patch critical flaws in Chrome, Firefox, Zoom and Adobe

Major software vendors released critical security updates in July 2026 to address vulnerabilities in browsers and productivity software.

Tech giants patch critical flaws in Chrome, Firefox, Zoom and Adobe
Tech giants patch critical flaws in Chrome, Firefox, Zoom and Adobe

Tech giants patch critical flaws in Chrome, Firefox, Zoom and Adobe

Major software vendors including Google, Mozilla, Adobe, and Zoom released a series of critical security updates in July 2026 to address vulnerabilities that could allow remote attackers to execute malicious code, take over user accounts, or bypass authentication.

Browser vulnerabilities and public exploits

Mozilla and Google issued updates for their respective browsers to resolve dozens of flaws. Mozilla released Firefox 152.0.6 to patch two critical vulnerabilities, CVE-2026-15718 and CVE-2026-15719. According to Mozilla, public exploit code already exists for both issues. The flaws involve a site isolation issue in the DOM: Navigation component and an invalid pointer in the JavaScript: WebAssembly component.

Google patched 15 security flaws in Chrome versions 150.0.7871.124/.125. These include two critical use-after-free bugs in the Ozone component, identified as CVE-2026-15764 and CVE-2026-15765. Other reports indicate different Chrome versions were also addressed, with version 147.0.7727.137/138 for Windows and macOS fixing 30 vulnerabilities, including four critical use-after-free bugs affecting the Canvas, iOS, Accessibility, and Views components (CVE-2026-7363, CVE-2026-7361, CVE-2026-7344, and CVE-2026-7343).

Security experts warn that memory corruption bugs, such as use-after-free conditions, are particularly dangerous. They can be chained with privilege escalation flaws to allow attackers to escape browser sandboxes and gain broader access to targeted systems. While Google stated it is not aware of any of its newly disclosed vulnerabilities being actively exploited in the wild, the existence of public exploit code for Firefox increases the urgency for immediate patching.

Enterprise and productivity software risks

Zoom released updates for a critical vulnerability in Zoom Workplace for Windows, tracked as CVE-2026-53412. With a CVSS score of 9.8, this improper input validation bug could allow remote, unauthenticated attackers to perform account takeover attacks. Zoom also resolved three high-severity flaws, including two privilege elevation issues and a time-of-check-to-time-of-use race condition.

Adobe released updates for 88 vulnerabilities across several products, including Illustrator, Experience Manager, Commerce/Magento Open Source, and ColdFusion. The ColdFusion bulletin specifically included multiple critical flaws that could lead to arbitrary code execution. Adobe has urged administrators to install these updates as soon as possible, suggesting a window of 72 hours.

Broadcom addressed a critical authentication bypass in the VMware Avi Load Balancer (CVE-2026-47865). This flaw could permit a network-accessible attacker to reach the Avi Control Plane, posing a significant risk to environments that rely on load balancers at the edge.

Splunk security advisories

Splunk published five advisories this week. Two of these resolve dozens of bugs in third-party components, while three address Splunk-specific issues:

  • CVE-2026-20296: A high-severity command safeguards bypass.
  • CVE-2026-20297: A high-severity path traversal.
  • CVE-2026-20298: A medium-severity information disclosure.

Exploitation of these weaknesses could allow attackers to view stored credential hashes, access data and credentials, or write files outside the intended application directory. Patches were included in Splunk Enterprise versions 10.4.1, 10.2.5, 10.0.8, and 9.4.13.

Recommended actions

Because threat actors often reverse-engineer patches to identify flaws, the period following disclosure is a critical window of risk. Users are advised to:

  1. Update affected software promptly.
  2. Restart applications to ensure patches are applied.
  3. Verify the software version after updating.
  4. Ensure automatic updates are enabled across all managed devices.

For enterprise users, Mozilla noted that fixes extend to Firefox ESR 115.35.1 and 140.10.1, providing security coverage without requiring a major version jump. Similarly, small businesses using Zoom are advised to update centralized deployment packages to prevent old builds from returning during the next install cycle.

Reporting based on coverage by aviatrix.ai.

Related stories