PAN-SA-2025-0008 Chromium and Prisma Access Browser: Monthly Vulnerability Update (April 2025)
Exploit Maturity
UNREPORTED
Response Effort
LOW
Recovery
USER
Value Density
DIFFUSE
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Automatable
NO
User Interaction
ACTIVE
Product Confidentiality
HIGH
Product Integrity
HIGH
Product Availability
HIGH
Privileges Required
NONE
Subsequent Confidentiality
HIGH
Subsequent Integrity
HIGH
Subsequent Availability
HIGH
Description
Palo Alto Networks incorporated the following security fixes into Prisma® Access Browser:
- https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html
- https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_21.html
- https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_19.html
- https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_10.html
- https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_25.html
| CVE | Summary |
|---|---|
| CVE-2025-1920 | Type Confusion in V8 |
| CVE-2025-2135 | Type Confusion in V8 |
| CVE-2025-2136 | Use after free in Inspector |
| CVE-2025-2137 | Out of bounds read in V8 |
| CVE-2025-2476 | Use after free in Lens |
| CVE-2025-2783 | Incorrect handle provided in unspecified circumstances in Mojo |
| CVE-2025-0129 | Prisma Access Browser: Inappropriate control behavior in Prisma Access Browser |
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| Prisma Access Browser | < 132.83.3017.1 | >= 134.29.5.178 |
Required Configuration for Exposure
No special configuration is required to be affected by this issue.
Severity: HIGH, Suggested Urgency: MODERATE
CVSS-BT: 7.6 / CVSS-B: 9.4 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/AU:N/R:U/V:D/RE:L/U:Amber)
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue.
Solution
| CVE | Prisma Access Browser |
|---|---|
| CVE-2025-0129 | 132.83.3017.1 |
| CVE-2025-1920 | 134.17.2.89 |
| CVE-2025-2135 | 134.17.2.89 |
| CVE-2025-2136 | 134.17.2.89 |
| CVE-2025-2137 | 134.17.2.89 |
| CVE-2025-2476 | 134.20.7.166 |
| CVE-2025-2783 | 134.29.5.178 |
Workarounds and Mitigations
No workaround or mitigation is available.
Acknowledgments
Palo Alto Networks thanks Tan Inn Fung, Yu Ann Ong, Zhang Bosen from the GovTech Cybersecurity Group for discovering and reporting CVE-2025-0129.
Timeline
Initial publication