[Palo Alto Networks Security Advisories] PAN-SA-2025-0015 Chromium: Monthly Vulnerability Update (September 2025)
Palo Alto Networks Security Advisories /PAN-SA-2025-0015
PAN-SA-2025-0015 Chromium: Monthly Vulnerability Update (September 2025)
Description
- https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_26.html
- https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_19.html
- https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html
- https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html
| CVE | Summary |
|---|---|
| CVE-2025-8576 | Use after free in Extensions |
| CVE-2025-8577 | Inappropriate implementation in Picture In Picture |
| CVE-2025-8578 | Use after free in Cast |
| CVE-2025-8579 | Inappropriate implementation in Picture In Picture |
| CVE-2025-8580 | Inappropriate implementation in Filesystems |
| CVE-2025-8581 | Inappropriate implementation in Extensions |
| CVE-2025-8582 | Insufficient validation of untrusted input in Core |
| CVE-2025-8583 | Inappropriate implementation in Permissions |
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| Prisma Access Browser | < 139.12.4.128 | >= 139.12.4.128 |
Required Configuration for Exposure
No special configuration is required to be affected by this issue.
Severity:MEDIUM, Suggested Urgency:MODERATE
CVSS-BT:6.1 /CVSS-B:8.6 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber)
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue.
Solution
| CVE | Prisma Access Browser |
|---|---|
| CVE-2025-8576 | 139.12.4.128 |
| CVE-2025-8577 | 139.12.4.128 |
| CVE-2025-8578 | 139.12.4.128 |
| CVE-2025-8579 | 139.12.4.128 |
| CVE-2025-8580 | 139.12.4.128 |
| CVE-2025-8581 | 139.12.4.128 |
| CVE-2025-8582 | 139.12.4.128 |
| CVE-2025-8583 | 139.12.4.128 |
Workarounds and Mitigations
No workaround or mitigation is available.
CPE Applicability
- cpe:2.3:a:palo_alto_networks:prisma_access_browser:*:*:*:*:*:*:*:* is vulnerable from (including)139.12.4 and up to (excluding)139.12.4.128
Timeline
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
