PAN-SA-2025-0018 Chromium and Prisma Browser: Monthly Vulnerability Update (November 2025)

Palo Alto Networks Security Advisories / PAN-SA-2025-0018

PAN-SA-2025-0018 Chromium and Prisma Browser: Monthly Vulnerability Update (November 2025)

Urgency MODERATE

Severity 6.1 · MEDIUM

Exploit Maturity UNREPORTED

Response Effort MODERATE

Recovery USER

Value Density DIFFUSE

Attack Vector NETWORK

Attack Complexity LOW

Attack Requirements NONE

Automatable NO

User Interaction ACTIVE

Product Confidentiality HIGH

Product Integrity HIGH

Product Availability HIGH

Privileges Required NONE

Subsequent Confidentiality NONE

Subsequent Integrity NONE

Subsequent Availability NONE

JSON CSAF

Published 2025-11-12

Updated 2025-11-12

Discovered externally

Description

Palo Alto Networks incorporated the following Chromium security fixes into our products:

https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html

CVE	CVSS	Summary
CVE-2025-12428		Type Confusion in V8
CVE-2025-12429		Inappropriate implementation in V8
CVE-2025-12430		Object lifecycle issue in Media
CVE-2025-12431		Inappropriate implementation in Extensions
CVE-2025-12432		Race in V8
CVE-2025-12433		Inappropriate implementation in V8
CVE-2025-12036		Inappropriate implementation in V8
CVE-2025-12434		Race in Storage
CVE-2025-12435		Incorrect security UI in Omnibox
CVE-2025-12436		Policy bypass in Extensions
CVE-2025-12437		Use after free in PageInfo
CVE-2025-12438		Use after free in Ozone
CVE-2025-12439		Inappropriate implementation in App-Bound Encryption
CVE-2025-12440		Inappropriate implementation in Autofill
CVE-2025-12441		Out of bounds read in V8
CVE-2025-12443		Out of bounds read in WebXR
CVE-2025-12444		Incorrect security UI in Fullscreen UI
CVE-2025-12445		Policy bypass in Extensions
CVE-2025-12446		Incorrect security UI in SplitView
CVE-2025-12447		Incorrect security UI in Omnibox
CVE-2025-4616		Prisma Browser: Insufficient Validation of Untrusted Input Vulnerability in Prisma Browser
CVE-2025-4617		Prisma Browser: Insufficient Policy Enforcement Vulnerability in Prisma Browser
CVE-2025-4618		Prisma Browser: Sensitive Information Disclosure Vulnerability in Prisma Browser

Product Status

Versions	Affected	Unaffected
Prisma Browser	< 142.15.2.60	>= 142.15.6.60

Severity: MEDIUM, Suggested Urgency: MODERATE

CVSS-BT: 6.1 / CVSS-B: 8.6 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Solution

CVE	Prisma Browser
CVE-2025-12428	142.15.2.60
CVE-2025-12429	142.15.2.60
CVE-2025-12430	142.15.2.60
CVE-2025-12431	142.15.2.60
CVE-2025-12432	142.15.2.60
CVE-2025-12433	142.15.2.60
CVE-2025-12430	142.15.2.60
CVE-2025-12434	142.15.2.60
CVE-2025-12435	142.15.2.60
CVE-2025-12436	142.15.2.60
CVE-2025-12437	142.15.2.60
CVE-2025-12438	142.15.2.60
CVE-2025-12439	142.15.2.60
CVE-2025-12440	142.15.2.60
CVE-2025-12441	142.15.2.60
CVE-2025-12443	142.15.2.60
CVE-2025-12444	142.15.2.60
CVE-2025-12445	142.15.2.60
CVE-2025-12446	142.15.2.60
CVE-2025-12447	142.15.2.60
CVE-2025-4616	142.15.6.60
CVE-2025-4617	142.15.6.60
CVE-2025-4618	142.15.6.60

Workarounds and Mitigations

No known workarounds exist for this issue.

Acknowledgments

Palo Alto Networks thanks Tan Inn Fung, Yu Ann Ong, Zhang Bosen from the GovTech Cybersecurity Group for discovering and reporting CVE-2025-4616, CVE-2025-4617 and CVE-2025-4618.

CPE Applicability

cpe:2.3:a:palo_alto_networks:prisma_browser:*:*:*:*:*:*:*:* is vulnerable from (including)142.15.6 and up to (excluding)142.15.6.60

Timeline

2025-11-12 Initial Publication