Palo Alto Networks Security Advisories / PAN-SA-2025-0014

PAN-SA-2025-0014 Chromium: Monthly Vulnerability Update (August 2025)

Urgency MODERATE

047910
Severity 6.1 · MEDIUM
Exploit Maturity UNREPORTED
Response Effort MODERATE
Recovery USER
Value Density DIFFUSE
Attack Vector NETWORK
Attack Complexity LOW
Attack Requirements NONE
Automatable NO
User Interaction ACTIVE
Product Confidentiality HIGH
Product Integrity HIGH
Product Availability HIGH
Privileges Required NONE
Subsequent Confidentiality NONE
Subsequent Integrity NONE
Subsequent Availability NONE
JSON CSAF
Published 2025-08-13
Updated 2025-08-13
Discovered externally

Description

Palo Alto Networks incorporated the following Chromium security fixes into our products:

CVESummary
CVE-2025-6558Insufficient validation of untrusted input in ANGLE and GPU
CVE-2025-7656Integer overflow in V8
CVE-2025-7657Use after free in WebRTC
CVE-2025-8010Type Confusion in V8
CVE-2025-8011Type Confusion in V8
CVE-2025-8292Use after free in Media Stream

Product Status

VersionsAffectedUnaffected
Prisma Access Browser< 138.53.6.158
>= 138.69.4.184

Required Configuration for Exposure

No special configuration is required to be affected by this issue.

Severity: MEDIUM, Suggested Urgency: MODERATE

CVSS-BT: 6.1 / CVSS-B: 8.6 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Solution

CVEPrisma Access Browser
CVE-2025-6558
138.53.6.158
CVE-2025-7656
138.53.6.158
CVE-2025-7657
138.53.6.158
CVE-2025-8010
138.64.1.169
CVE-2025-8011
138.64.1.169
CVE-2025-8292
138.69.4.184

Workarounds and Mitigations

No workaround or mitigation is available.

CPE Applicability

Timeline

Initial publication
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure PolicyReport vulnerabilitiesManage subscriptions
© 2025 Palo Alto Networks, Inc. All rights reserved.