Palo Alto Networks Security Advisories / PAN-SA-2025-0015

PAN-SA-2025-0015 Chromium: Monthly Vulnerability Update (September 2025)

Urgency MODERATE

047910
Severity 6.1 · MEDIUM
Exploit Maturity UNREPORTED
Response Effort MODERATE
Recovery USER
Value Density DIFFUSE
Attack Vector NETWORK
Attack Complexity LOW
Attack Requirements NONE
Automatable NO
User Interaction ACTIVE
Product Confidentiality HIGH
Product Integrity HIGH
Product Availability HIGH
Privileges Required NONE
Subsequent Confidentiality NONE
Subsequent Integrity NONE
Subsequent Availability NONE
JSON CSAF
Published 2025-09-10
Updated 2025-09-10
Discovered externally

Description

Palo Alto Networks incorporated the following Chromium security fixes into our products:

CVESummary
CVE-2025-8576Use after free in Extensions
CVE-2025-8577Inappropriate implementation in Picture In Picture
CVE-2025-8578Use after free in Cast
CVE-2025-8579Inappropriate implementation in Picture In Picture
CVE-2025-8580Inappropriate implementation in Filesystems
CVE-2025-8581Inappropriate implementation in Extensions
CVE-2025-8582Insufficient validation of untrusted input in Core
CVE-2025-8583Inappropriate implementation in Permissions

Product Status

VersionsAffectedUnaffected
Prisma Access Browser< 139.12.4.128
>= 139.12.4.128

Required Configuration for Exposure

No special configuration is required to be affected by this issue.

Severity: MEDIUM, Suggested Urgency: MODERATE

CVSS-BT: 6.1 / CVSS-B: 8.6 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Solution

CVEPrisma Access Browser
CVE-2025-8576
139.12.4.128
CVE-2025-8577
139.12.4.128
CVE-2025-8578
139.12.4.128
CVE-2025-8579
139.12.4.128
CVE-2025-8580
139.12.4.128
CVE-2025-8581
139.12.4.128
CVE-2025-8582
139.12.4.128
CVE-2025-8583
139.12.4.128

Workarounds and Mitigations

No workaround or mitigation is available.

CPE Applicability

Timeline

Initial publication
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure PolicyReport vulnerabilitiesManage subscriptions
© 2025 Palo Alto Networks, Inc. All rights reserved.