PAN-SA-2026-0002 Chromium: Monthly Vulnerability Update (February 2026)

Urgency MODERATE

Exploit Maturity UNREPORTED

Response Effort MODERATE

Recovery USER

Value Density DIFFUSE

Attack Vector NETWORK

Attack Complexity LOW

Attack Requirements NONE

Automatable NO

User Interaction NONE

Product Confidentiality HIGH

Product Integrity HIGH

Product Availability HIGH

Privileges Required NONE

Subsequent Confidentiality NONE

Subsequent Integrity NONE

Subsequent Availability NONE

Published 2026-02-11

Updated 2026-02-11

Discovered externally

Palo Alto Networks incorporated the following Chromium security fixes into our products:

CVE	Summary
CVE-2026-0899	Out of bounds memory access in V8
CVE-2026-0900	Inappropriate implementation in V8
CVE-2026-0901	Inappropriate implementation in Blink
CVE-2026-0902	Inappropriate implementation in V8
CVE-2026-0903	Inappropriate implementation in Downloads
CVE-2026-0904	Incorrect security UI in Digital Credentials
CVE-2026-0905	Insufficient policy enforcement in Network
CVE-2026-0906	Incorrect security UI
CVE-2026-0907	Incorrect security UI in Split View
CVE-2026-0908	Use after free in ANGLE
CVE-2026-1504	Inappropriate implementation in Background Fetch API
CVE-2026-1861	Heap buffer overflow in libvpx
CVE-2026-1862	Type Confusion in V8

Versions	Affected	Unaffected
Prisma Browser	< 144.27.7.133	>= 144.27.7.133

Palo Alto Networks is not aware of any malicious exploitation of this issue.

No known workarounds exist for this issue.

cpe:2.3:a:palo_alto_networks:prisma_browser:*:*:*:*:*:*:*:* is vulnerable from (including)144.27.7 and up to (excluding)144.27.7.133

2026-02-11 Initial Publication