Palo Alto Networks Security Advisories / PAN-SA-2025-0002

PAN-SA-2025-0002 Chromium: Monthly Vulnerability Updates

Urgency MODERATE

047910
Severity 6.1 · MEDIUM
Exploit Maturity UNREPORTED
Response Effort LOW
Recovery USER
Value Density DIFFUSE
Attack Vector NETWORK
Attack Complexity LOW
Attack Requirements NONE
Automatable NO
User Interaction ACTIVE
Product Confidentiality HIGH
Product Integrity HIGH
Product Availability HIGH
Privileges Required NONE
Subsequent Confidentiality NONE
Subsequent Integrity NONE
Subsequent Availability NONE
JSON CSAF
Published 2025-01-08
Updated 2025-01-08
Discovered externally

Description

Palo Alto Networks incorporated the following Chromium security fixes into our products:

CVESummary
CVE-2024-12381Type Confusion in V8.
CVE-2024-12382Use after free in Translate.
CVE-2024-12692Type Confusion in V8.
CVE-2024-12693Out of bounds memory access in V8.
CVE-2024-12694Use after free in Compositing.
CVE-2024-12695Out of bounds write in V8.

Product Status

VersionsAffectedUnaffected
Prisma Access Browser< 131.140.2943.21>= 131.205.2943.22

Required Configuration for Exposure

No special configuration is required to be affected by this issue.

Severity: MEDIUM, Suggested Urgency: MODERATE

CVSS-BT: 6.1 / CVSS-B: 8.6 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:L/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Solution

The following CVEs are fixed in the specified Prisma Access Browser versions and all later Prisma Access Browser versions.

CVEPrisma Access Browser
CVE-2024-12381
131.140.2943.21
CVE-2024-12382131.140.2943.21
CVE-2024-12692
131.205.2943.22
CVE-2024-12693
131.205.2943.22
CVE-2024-12694
131.205.2943.22
CVE-2024-12695
131.205.2943.22

Workarounds and Mitigations

No workaround or mitigation is available.

Timeline

Initial publication
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure PolicyReport vulnerabilitiesManage subscriptions
© 2025 Palo Alto Networks, Inc. All rights reserved.