PAN-SA-2024-0017 Chromium: Monthly Vulnerability Updates
Exploit Maturity
UNREPORTED
Response Effort
LOW
Recovery
USER
Value Density
DIFFUSE
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Automatable
NO
User Interaction
ACTIVE
Product Confidentiality
HIGH
Product Integrity
HIGH
Product Availability
HIGH
Privileges Required
NONE
Subsequent Confidentiality
NONE
Subsequent Integrity
NONE
Subsequent Availability
NONE
Description
Palo Alto Networks incorporated the following Chromium security fixes into our products:
| CVE | Summary |
|---|---|
| CVE-2024-11395 | Type Confusion in V8. |
| CVE-2024-12053 | Type Confusion in V8. |
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| Prisma Access Browser | < 131.86.2955.0 | >= 131.109.2968.0 |
Severity: MEDIUM, Suggested Urgency: MODERATE
CVSS-BT: 6.1 / CVSS-B: 8.6 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:L/U:Amber)
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of these issues.
Solution
The following CVEs are fixed in the specified Prisma Access Browser version and all later Prisma Access Browser versions.
| CVE | Prisma Access Browser |
|---|---|
| CVE-2024-11395 | 131.86.2955.0 |
| CVE-2024-12053 | 131.109.2968.0 |
Timeline
Initial publication