[Palo Alto Networks Security Advisories] PAN-SA-2025-0009 Chromium: Monthly Vulnerability Update (May 2025)


Urgency: MODERATE

Severity: 7.6 · HIGH
Exploit Maturity: UNREPORTED
Response Effort: LOW
Recovery: USER
Value Density: DIFFUSE
Attack Vector: NETWORK
Attack Complexity: LOW
Attack Requirements: NONE
Automatable: NO
User Interaction: ACTIVE
Product Confidentiality: HIGH
Product Integrity: HIGH
Product Availability: HIGH
Privileges Required: NONE
Subsequent Confidentiality: HIGH
Subsequent Integrity: HIGH
Subsequent Availability: HIGH

Description

Palo Alto Networks incorporated the following Chromium security fixes into our products:

CVE            Summary
CVE-2025-3066  Use after free in Site Isolation
CVE-2025-3067  Inappropriate implementation in Custom Tabs
CVE-2025-3068  Inappropriate implementation in Intents
CVE-2025-3069  Inappropriate implementation in Extensions
CVE-2025-3070  Insufficient validation of untrusted input in Extensions
CVE-2025-3071  Inappropriate implementation in Navigations
CVE-2025-3072  Inappropriate implementation in Custom Tabs
CVE-2025-3073  Inappropriate implementation in Autofill
CVE-2025-3074  Inappropriate implementation in Downloads
CVE-2025-3619  Heap buffer overflow in Codecs
CVE-2025-3620  Use after free in USB
CVE-2025-4050  Out of bounds memory access in DevTools
CVE-2025-4051  Insufficient data validation in DevTools
CVE-2025-4052  Inappropriate implementation in DevTools
CVE-2025-4096  Heap buffer overflow in HTML
CVE-2025-4372  Use after free in WebAudio

Product Status

Versions               Affected        Unaffected
Prisma Access Browser  < 135.16.8.96   >= 136.11.9.93

Required Configuration for Exposure

No special configuration is required to be affected by this issue.

Severity: HIGH, Suggested Urgency: MODERATE

CVSS-BT: 7.6 / CVSS-B: 9.4 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/AU:N/R:U/V:D/RE:L/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Solution

CVE            Prisma Access Browser
CVE-2025-3066  135.16.8.96
CVE-2025-3067  135.16.8.96
CVE-2025-3068  135.16.8.96
CVE-2025-3069  135.16.8.96
CVE-2025-3070  135.16.8.96
CVE-2025-3071  135.16.8.96
CVE-2025-3072  135.16.8.96
CVE-2025-3073  135.16.8.96
CVE-2025-3074  135.16.8.96
CVE-2025-3619  135.16.8.96
CVE-2025-3620  135.16.8.96
CVE-2025-4050  136.11.9.93
CVE-2025-4051  136.11.9.93
CVE-2025-4052  136.11.9.93
CVE-2025-4096  136.11.9.93
CVE-2025-4372  136.11.9.93

Workarounds and Mitigations

No workaround or mitigation is available.

Acknowledgments

Palo Alto Networks thanks Tan Inn Fung, Yu Ann Ong, Zhang Bosen from the GovTech Cybersecurity Group for discovering and reporting CVE-2025-0129.

Timeline

Initial publication

