[Palo Alto Networks Security Advisories] PAN-SA-2025-0016 Chromium: Monthly Vulnerability Update (October 2025)
Palo Alto Networks Security Advisories /PAN-SA-2025-0016
PAN-SA-2025-0016 Chromium: Monthly Vulnerability Update (October 2025)
Description
Palo Alto Networks incorporated the following Chromium security fixes into our products:
- https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_23.html
- https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html
- https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html
| CVE | Summary |
|---|---|
| CVE-2025-9132 | Out of bounds write in V8 |
| CVE-2025-9478 | Use after free in ANGLE |
| CVE-2025-9864 | Use after free in V8 |
| CVE-2025-9865 | Inappropriate implementation in Toolbar |
| CVE-2025-9866 | Inappropriate implementation in Extensions |
| CVE-2025-9867 | Inappropriate implementation in Downloads |
| CVE-2025-10200 | Use after free in Serviceworker |
| CVE-2025-10201 | Inappropriate implementation in Mojo |
| CVE-2025-10500 | Use after free in Dawn |
| CVE-2025-10500 | Use after free in Dawn |
| CVE-2025-10501 | Use after free in WebRTC |
| CVE-2025-10501 | Use after free in WebRTC |
| CVE-2025-10502 | Heap buffer overflow in ANGLE |
| CVE-2025-10502 | Heap buffer overflow in ANGLE |
| CVE-2025-10585 | Type confusion in V8 |
| CVE-2025-10585 | Type confusion in V8 |
| CVE-2025-10890 | Side-channel information leakage in V8 |
| CVE-2025-10890 | Side-channel information leakage in V8 |
| CVE-2025-10891 | Integer overflow in V8 |
| CVE-2025-10891 | Integer overflow in V8 |
| CVE-2025-10892 | Integer overflow in V8 |
| CVE-2025-10892 | Integer overflow in V8 |
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| Prisma Browser | < 139.18.2.139 | >= 141.6.4.55 |
Required Configuration for Exposure
No special configuration is required to be affected by this issue.
Severity:MEDIUM, Suggested Urgency:MODERATE
CVSS-BT:6.1 /CVSS-B:8.6 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber)
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue.
Solution
| CVE | Prisma Browser |
|---|---|
| CVE-2025-9132 | 139.18.2.139 |
| CVE-2025-9478 | 139.23.4.155 |
| CVE-2025-10200 | 140.14.7.133 |
| CVE-2025-10201 | 140.14.7.133 |
| CVE-2025-9864 | 140.14.7.133 |
| CVE-2025-9865 | 140.14.7.133 |
| CVE-2025-9866 | 140.14.7.133 |
| CVE-2025-9867 | 140.14.7.133 |
| CVE-2025-10500 | 141.6.4.55 |
| CVE-2025-10501 | 141.6.4.55 |
| CVE-2025-10502 | 141.6.4.55 |
| CVE-2025-10585 | 141.6.4.55 |
| CVE-2025-10890 | 141.6.4.55 |
| CVE-2025-10891 | 141.6.4.55 |
| CVE-2025-10892 | 141.6.4.55 |
Workarounds and Mitigations
No workaround or mitigation is available.
CPE Applicability
- cpe:2.3:a:palo_alto_networks:prisma_browser:*:*:*:*:*:*:*:* is vulnerable from (including)139.18.2.139 and up to (excluding)141.6.4.55
Timeline
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
