Palo Alto Networks Security Advisories / PAN-SA-2024-0009

PAN-SA-2024-0009 Prisma Browser: Monthly Vulnerability Updates

Urgency MODERATE

047910
Severity 8.6 · HIGH
Response Effort LOW
Recovery AUTOMATIC
Value Density DIFFUSE
Attack Vector NETWORK
Attack Complexity LOW
Attack Requirements NONE
Automatable NO
User Interaction ACTIVE
Product Confidentiality HIGH
Product Integrity HIGH
Product Availability HIGH
Privileges Required NONE
Subsequent Confidentiality NONE
Subsequent Integrity NONE
Subsequent Availability NONE
JSON CSAF
Published 2024-09-11
Updated 2024-09-11
Discovered externally

Description

Prisma Browser has incorporated the latest upstream Chromium security fixes listed here:

- https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html

- https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_28.html

- https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop.html

- https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_10.html

CVECVSSSummary
CVE-2024-79648.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)Fixed in Prisma Browser 128.91.2869.7 - Chromium: Use after free in Passwords.
CVE-2024-79658.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)Fixed in Prisma Browser 128.91.2869.7 - Chromium: Inappropriate implementation in V8.
CVE-2024-79668.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)Fixed in Prisma Browser 128.91.2869.7 - Chromium: Out of bounds memory access in Skia.
CVE-2024-79678.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)Fixed in Prisma Browser 128.91.2869.7 - Chromium: Heap buffer overflow in Fonts.
CVE-2024-79688.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)Fixed in Prisma Browser 128.91.2869.7 - Chromium: Use after free in Autofill.
CVE-2024-79718.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)Fixed in Prisma Browser 128.91.2869.7 - Chromium: Type confusion in V8.
CVE-2024-79728.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)Fixed in Prisma Browser 128.91.2869.7 - Chromium: Inappropriate implementation in V8.
CVE-2024-79738.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)Fixed in Prisma Browser 128.91.2869.7 - Chromium: Heap buffer overflow in PDFium.
CVE-2024-79748.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)Fixed in Prisma Browser 128.91.2869.7 - Chromium: Insufficient data validation in V8 API.
CVE-2024-79754.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)Fixed in Prisma Browser 128.91.2869.7 - Chromium: Inappropriate implementation in Permissions.
CVE-2024-79764.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)Fixed in Prisma Browser 128.91.2869.7 - Chromium: Inappropriate implementation in FedCM.
CVE-2024-79777.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)Fixed in Prisma Browser 128.91.2869.7 - Chromium: Insufficient data validation in Installer.
CVE-2024-79784.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)Fixed in Prisma Browser 128.91.2869.7 - Chromium: Insufficient policy enforcement in Data Transfer.
CVE-2024-79797.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)Fixed in Prisma Browser 128.91.2869.7 - Chromium: Insufficient data validation in Installer.
CVE-2024-79807.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)Fixed in Prisma Browser 128.91.2869.7 - Chromium: Insufficient data validation in Installer.
CVE-2024-79814.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)Fixed in Prisma Browser 128.91.2869.7 - Chromium: Inappropriate implementation in Views.
CVE-2024-80334.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)Fixed in Prisma Browser 128.91.2869.7 - Chromium: Inappropriate implementation in WebApp Installs.
CVE-2024-80344.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)Fixed in Prisma Browser 128.91.2869.7 - Chromium: Inappropriate implementation in Custom Tabs.
CVE-2024-80354.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)Fixed in Prisma Browser 128.91.2869.7 - Chromium: Inappropriate implementation in Extensions.
CVE-2024-79698.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)Fixed in Prisma Browser 128.114.2877.3 - Chromium: Type Confusion in V8.
CVE-2024-81938.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)Fixed in Prisma Browser 128.114.2877.3 - Chromium: Heap buffer overflow in Skia.
CVE-2024-81948.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)Fixed in Prisma Browser 128.114.2877.3 - Chromium: Type Confusion in V8.
CVE-2024-81988.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)Fixed in Prisma Browser 128.114.2877.3 - Chromium: Heap buffer overflow in Skia.
CVE-2024-83628.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)Fixed in Prisma Browser 128.120.2884.4 - Chromium: Use after free in WebAudio.
CVE-2024-79708.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)Fixed in Prisma Browser 128.120.2884.4 - Chromium: Out of bounds write in V8.
CVE-2024-8636Fixed in Prisma Browser 128.138.2888.2 - Chromium: Heap buffer overflow in Skia.
CVE-2024-8637Fixed in Prisma Browser 128.138.2888.2 - Chromium: Use after free in Media Router.
CVE-2024-8638Fixed in Prisma Browser 128.138.2888.2 - Chromium: Type Confusion in V8.
CVE-2024-8639Fixed in Prisma Browser 128.138.2888.2 - Chromium: Use after free in Autofill.

Product Status

VersionsAffectedUnaffected
Prisma Browser< 128.91.2869.7>= 128.138.2888.2

Severity: HIGH, Suggested Urgency: MODERATE

CVSS-B: 8.6 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:L/U:Amber)

Solution

Prisma Browser 128.138.2888.2 and later versions contain the fixes for all CVEs listed above.

Timeline

Initial publication
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure PolicyReport vulnerabilitiesManage subscriptions
© 2025 Palo Alto Networks, Inc. All rights reserved.