Palo Alto Networks Security Advisories / PAN-SA-2025-0016

PAN-SA-2025-0016 Chromium: Monthly Vulnerability Update (October 2025)

Urgency MODERATE

047910
Severity 6.1 · MEDIUM
Exploit Maturity UNREPORTED
Response Effort MODERATE
Recovery USER
Value Density DIFFUSE
Attack Vector NETWORK
Attack Complexity LOW
Attack Requirements NONE
Automatable NO
User Interaction ACTIVE
Product Confidentiality HIGH
Product Integrity HIGH
Product Availability HIGH
Privileges Required NONE
Subsequent Confidentiality NONE
Subsequent Integrity NONE
Subsequent Availability NONE
JSON CSAF
Published 2025-10-08
Updated 2025-10-08
Discovered externally

Description

Palo Alto Networks incorporated the following Chromium security fixes into our products:

CVESummary
CVE-2025-9132Out of bounds write in V8
CVE-2025-9478Use after free in ANGLE
CVE-2025-9864Use after free in V8
CVE-2025-9865Inappropriate implementation in Toolbar
CVE-2025-9866Inappropriate implementation in Extensions
CVE-2025-9867Inappropriate implementation in Downloads
CVE-2025-10200Use after free in Serviceworker
CVE-2025-10201Inappropriate implementation in Mojo
CVE-2025-10500Use after free in Dawn
CVE-2025-10500Use after free in Dawn
CVE-2025-10501Use after free in WebRTC
CVE-2025-10501Use after free in WebRTC
CVE-2025-10502Heap buffer overflow in ANGLE
CVE-2025-10502Heap buffer overflow in ANGLE
CVE-2025-10585Type confusion in V8
CVE-2025-10585Type confusion in V8
CVE-2025-10890Side-channel information leakage in V8
CVE-2025-10890Side-channel information leakage in V8
CVE-2025-10891Integer overflow in V8
CVE-2025-10891Integer overflow in V8
CVE-2025-10892Integer overflow in V8
CVE-2025-10892Integer overflow in V8

Product Status

VersionsAffectedUnaffected
Prisma Browser < 139.18.2.139
>= 141.6.4.55

Required Configuration for Exposure

No special configuration is required to be affected by this issue.

Severity: MEDIUM, Suggested Urgency: MODERATE

CVSS-BT: 6.1 / CVSS-B: 8.6 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Solution

CVEPrisma Browser
CVE-2025-9132
139.18.2.139
CVE-2025-9478
139.23.4.155
CVE-2025-10200
140.14.7.133
CVE-2025-10201
140.14.7.133
CVE-2025-9864
140.14.7.133
CVE-2025-9865
140.14.7.133
CVE-2025-9866
140.14.7.133
CVE-2025-9867
140.14.7.133
CVE-2025-10500
141.6.4.55
CVE-2025-10501
141.6.4.55
CVE-2025-10502
141.6.4.55
CVE-2025-10585
141.6.4.55
CVE-2025-10890
141.6.4.55
CVE-2025-10891
141.6.4.55
CVE-2025-10892
141.6.4.55

Workarounds and Mitigations

No workaround or mitigation is available.

CPE Applicability

Timeline

Initial publication
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure PolicyReport vulnerabilitiesManage subscriptions
© 2025 Palo Alto Networks, Inc. All rights reserved.