PAN-SA-2025-0013 Chromium: Monthly Vulnerability Update (July 2025)

Urgency MODERATE

Exploit Maturity ATTACKED

Response Effort MODERATE

Recovery USER

Value Density DIFFUSE

Attack Vector NETWORK

Attack Complexity LOW

Attack Requirements NONE

Automatable NO

User Interaction ACTIVE

Product Confidentiality HIGH

Product Integrity HIGH

Product Availability HIGH

Privileges Required NONE

Subsequent Confidentiality NONE

Subsequent Integrity NONE

Subsequent Availability NONE

Published 2025-07-09

Updated 2025-07-09

Discovered externally

Palo Alto Networks incorporated the following Chromium security fixes into our products:

CVE	Summary
CVE-2025-5958	Use after free in Media
CVE-2025-5959	Type Confusion in V8
CVE-2025-6191	Integer overflow in V8
CVE-2025-6192	Use after free in Metrics
CVE-2025-6554	Type confusion in V8
CVE-2025-6555	Use after free in Animation
CVE-2025-6556	Insufficient policy enforcement in Loader
CVE-2025-6557	Insufficient data validation in DevTools

Versions	Affected	Unaffected
Prisma Access Browser	< 137.16.6.120	>= 138.33.5.97

No special configuration is required to be affected by this issue.

Palo Alto Networks is not aware of any malicious exploitation of this issue.

No workaround or mitigation is available.

cpe:2.3:a:palo_alto_networks:prisma_access_browser:*:*:*:*:*:*:*:* is vulnerable from (including)137.16.2 and up to (excluding)137.16.2.69

2025-07-09 Initial publication