PAN-SA-2024-0007 Prisma Access Browser: Monthly Vulnerability Updates
Urgency
MODERATE
Response Effort
LOW
Recovery
AUTOMATIC
Value Density
DIFFUSE
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Automatable
NO
User Interaction
ACTIVE
Product Confidentiality
HIGH
Product Integrity
HIGH
Product Availability
HIGH
Privileges Required
NONE
Subsequent Confidentiality
NONE
Subsequent Integrity
NONE
Subsequent Availability
NONE
Description
Prisma Access Browser (supersedes Talon Browser) has incorporated the latest upstream Chromium security fixes listed here:
- https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_23.html
- https://chromereleases.googleblog.com/2024/07/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop.html
| CVE | CVSS | Summary |
|---|---|---|
| CVE-2024-6772 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Chromium: Inappropriate implementation in V8. |
| CVE-2024-6773 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Chromium: Type Confusion in V8. |
| CVE-2024-6774 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Chromium: Use after free in Screen Capture. |
| CVE-2024-6775 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Chromium: Use after free in Media Stream. |
| CVE-2024-6776 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Chromium: Use after free in Audio. |
| CVE-2024-6777 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Chromium: Use after free in Navigation. |
| CVE-2024-6778 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Chromium: Race in DevTools. |
| CVE-2024-6779 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Chromium: Out of bounds memory access in V8. |
| CVE-2024-6988 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Chromium: Use after free in Downloads. |
| CVE-2024-6989 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Chromium: Use after free in Loader. |
| CVE-2024-6990 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Chromium: Uninitialized Use in Dawn. |
| CVE-2024-6991 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Chromium: Use after free in Dawn. |
| CVE-2024-6994 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Chromium: Heap buffer overflow in Layout. |
| CVE-2024-6995 | 4.7 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N) | Chromium: Inappropriate implementation in Fullscreen. |
| CVE-2024-6996 | 3.1 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N) | Chromium: Race in Frames. |
| CVE-2024-6997 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Chromium: Use after free in Tabs. |
| CVE-2024-6998 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Chromium: Use after free in User Education. |
| CVE-2024-6999 | 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) | Chromium: Inappropriate implementation in FedCM. |
| CVE-2024-7000 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Chromium: Use after free in CSS. |
| CVE-2024-7001 | 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) | Chromium: Inappropriate implementation in HTML. |
| CVE-2024-7003 | 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) | Chromium: Inappropriate implementation in FedCM. |
| CVE-2024-7004 | 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) | Chromium: Insufficient validation of untrusted input in Safe Browsing. |
| CVE-2024-7005 | 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) | Chromium: Insufficient validation of untrusted input in Safe Browsing. |
| CVE-2024-7255 | Chromium: Out of bounds read in WebTransport. | |
| CVE-2024-7256 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Chromium: Insufficient data validation in Dawn. |
| CVE-2024-7532 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Chromium: Out of bounds memory access in ANGLE. |
| CVE-2024-7533 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Chromium: Use after free in Sharing. |
| CVE-2024-7534 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Chromium: Heap buffer overflow in Layout. |
| CVE-2024-7535 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Chromium: Inappropriate implementation in V8. |
| CVE-2024-7536 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Chromium: Use after free in WebAudio. |
| CVE-2024-7550 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Chromium: Type Confusion in V8. |
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| Prisma Access Browser | < 126.183.2844.1 | >= 127.100.2858.4 |
Severity: HIGH
CVSSv4.0 Base Score: 8.6 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:L/U:Amber)
Solution
Prisma Access Browser 127.100.2858.4 (supersedes Talon Browser) and all later Prisma Access Browser versions contain the fix for all the listed CVEs.
Timeline
Clarified affected and unaffected versions
Initial publication