[Palo Alto Networks Security Advisories] PAN-SA-2025-0008 Chromium and Prisma Access Browser: Monthly VulnerabilityUpdate (April 2025)

April 9, 2025

Palo Alto Networks Security Advisories /PAN-SA-2025-0008

PAN-SA-2025-0008 Chromium and Prisma Access Browser: Monthly Vulnerability Update (April 2025)

UrgencyMODERATE

047910
Severity7.6 ·HIGH
Exploit MaturityUNREPORTED
Response EffortLOW
RecoveryUSER
Value DensityDIFFUSE
Attack VectorNETWORK
Attack ComplexityLOW
Attack RequirementsNONE
AutomatableNO
User InteractionACTIVE
Product ConfidentialityHIGH
Product IntegrityHIGH
Product AvailabilityHIGH
Privileges RequiredNONE
Subsequent ConfidentialityHIGH
Subsequent IntegrityHIGH
Subsequent AvailabilityHIGH
JSONCSAF
Published2025-04-09
Updated2025-04-09
Discoveredexternally

Description

CVESummary
CVE-2025-1920Type Confusion in V8
CVE-2025-2135Type Confusion in V8
CVE-2025-2136Use after free in Inspector
CVE-2025-2137Out of bounds read in V8
CVE-2025-2476Use after free in Lens
CVE-2025-2783Incorrect handle provided in unspecified circumstances in Mojo
CVE-2025-0129Prisma Access Browser: Inappropriate control behavior in Prisma Access Browser

Product Status

VersionsAffectedUnaffected
Prisma Access Browser< 132.83.3017.1
>= 134.29.5.178

Required Configuration for Exposure

No special configuration is required to be affected by this issue.

Severity:HIGH, Suggested Urgency:MODERATE

CVSS-BT:7.6 /CVSS-B:9.4 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/AU:N/R:U/V:D/RE:L/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Solution

CVEPrisma Access Browser
CVE-2025-0129 132.83.3017.1
CVE-2025-1920
134.17.2.89
CVE-2025-2135
134.17.2.89
CVE-2025-2136
134.17.2.89
CVE-2025-2137
134.17.2.89
CVE-2025-2476
134.20.7.166
CVE-2025-2783
134.29.5.178

Workarounds and Mitigations

No workaround or mitigation is available.

Acknowledgments

Palo Alto Networks thanks Tan Inn Fung, Yu Ann Ong, Zhang Bosen from the GovTech Cybersecurity Group for discovering and reporting CVE-2025-0129.

Timeline

Initial publication

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

To keep up to date follow us on the below channels.

Tags: , ,

You may have missed

image

[RALORD] – Ransomware Victim: ​​​​bettininformatica – suporteon company

April 19, 2025
image

CVE Alert: CVE-2025-24914

April 19, 2025
image

CVE Alert: CVE-2025-25985

April 19, 2025
image

CVE Alert: CVE-2025-3795

April 19, 2025
image

CVE Alert: CVE-2025-36625

April 19, 2025