PAN-SA-2025-0009 Chromium: Monthly Vulnerability Update (May 2025)

Urgency MODERATE

Severity 7.6 · HIGH
Exploit Maturity UNREPORTED
Response Effort LOW
Recovery USER
Value Density DIFFUSE
Attack Vector NETWORK
Attack Complexity LOW
Attack Requirements NONE
Automatable NO
User Interaction ACTIVE
Product Confidentiality HIGH
Product Integrity HIGH
Product Availability HIGH
Privileges Required NONE
Subsequent Confidentiality HIGH
Subsequent Integrity HIGH
Subsequent Availability HIGH

Description

Palo Alto Networks incorporated the following Chromium security fixes into our products:

CVE            Summary
CVE-2025-3066  Use after free in Site Isolation
CVE-2025-3067  Inappropriate implementation in Custom Tabs
CVE-2025-3068  Inappropriate implementation in Intents
CVE-2025-3069  Inappropriate implementation in Extensions
CVE-2025-3070  Insufficient validation of untrusted input in Extensions
CVE-2025-3071  Inappropriate implementation in Navigations
CVE-2025-3072  Inappropriate implementation in Custom Tabs
CVE-2025-3073  Inappropriate implementation in Autofill
CVE-2025-3074  Inappropriate implementation in Downloads
CVE-2025-3619  Heap buffer overflow in Codecs
CVE-2025-3620  Use after free in USB
CVE-2025-4050  Out of bounds memory access in DevTools
CVE-2025-4051  Insufficient data validation in DevTools
CVE-2025-4052  Inappropriate implementation in DevTools
CVE-2025-4096  Heap buffer overflow in HTML
CVE-2025-4372  Use after free in WebAudio

Product Status

Versions               Affected       Unaffected
Prisma Access Browser  < 135.16.8.96  >= 136.11.9.93

Required Configuration for Exposure

No special configuration is required to be affected by this issue.

Severity: HIGH, Suggested Urgency: MODERATE

CVSS-BT: 7.6 / CVSS-B: 9.4 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/AU:N/R:U/V:D/RE:L/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Solution

CVE            Prisma Access Browser
CVE-2025-3066  135.16.8.96
CVE-2025-3067  135.16.8.96
CVE-2025-3068  135.16.8.96
CVE-2025-3069  135.16.8.96
CVE-2025-3070  135.16.8.96
CVE-2025-3071  135.16.8.96
CVE-2025-3072  135.16.8.96
CVE-2025-3073  135.16.8.96
CVE-2025-3074  135.16.8.96
CVE-2025-3619  135.16.8.96
CVE-2025-3620  135.16.8.96
CVE-2025-4050  136.11.9.93
CVE-2025-4051  136.11.9.93
CVE-2025-4052  136.11.9.93
CVE-2025-4096  136.11.9.93
CVE-2025-4372  136.11.9.93
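
A fleet check built from the Solution table, added here as an example and not Palo Alto Networks code: it reports which of this advisory's CVEs are still unfixed for each installed Prisma Access Browser version, comparing the four version fields numerically. The host names and installed versions in SAMPLE_INVENTORY are constructed, and the four-part numeric version format is an assumption based on the versions shown in this advisory.

```python
# Added example (not vendor code). Fixed versions come from the Solution table
# above; host names and installed versions in SAMPLE_INVENTORY are constructed.
FIXED_IN = {
    "135.16.8.96": [
        "CVE-2025-3066", "CVE-2025-3067", "CVE-2025-3068", "CVE-2025-3069",
        "CVE-2025-3070", "CVE-2025-3071", "CVE-2025-3072", "CVE-2025-3073",
        "CVE-2025-3074", "CVE-2025-3619", "CVE-2025-3620",
    ],
    "136.11.9.93": [
        "CVE-2025-4050", "CVE-2025-4051", "CVE-2025-4052", "CVE-2025-4096",
        "CVE-2025-4372",
    ],
}

def parse_version(text):
    """Turn '135.16.8.96' into (135, 16, 8, 96) so fields compare as numbers."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(int(p) for p in parts)

def outstanding_cves(installed):
    """Return this advisory's CVEs whose fixed version is newer than `installed`."""
    current = parse_version(installed)
    missing = []
    for fixed, cves in FIXED_IN.items():
        if current < parse_version(fixed):
            missing.extend(cves)
    return sorted(missing)

def triage(inventory):
    """Map host -> outstanding CVEs; None marks a version needing a manual check."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = outstanding_cves(version)
        except ValueError:
            report[host] = None  # never treat an unreadable version as patched
    return report

SAMPLE_INVENTORY = {              # constructed sample data
    "laptop-01": "135.16.8.95",   # below both fixed versions
    "laptop-02": "135.16.10.2",   # a plain string comparison would misorder this
    "laptop-03": "136.11.9.93",   # at the latest fixed version
    "laptop-04": "unknown",       # inventory agent returned no version
}

if __name__ == "__main__":
    for host, cves in triage(SAMPLE_INVENTORY).items():
        print(host, "CHECK MANUALLY" if cves is None else (cves or "up to date"))
```

A version at or above 135.16.8.96 but below 136.11.9.93 still lacks the five fixes delivered in 136.11.9.93, which is why the check works per CVE rather than against a single threshold.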

Workarounds and Mitigations

No workaround or mitigation is available.

Timeline

Initial publication