{"document":{"category":"csaf_vex","csaf_version":"2.1","notes":[{"category":"summary","text":"Palo Alto Networks PSIRT provided VEX document. This document is autogenerated.","title":"Chromium: Monthly Vulnerability Update (April 2026)"}],"publisher":{"category":"vendor","name":"Palo Alto Networks","namespace":"https://security.paloaltonetworks.com"},"title":"Palo Alto Networks PSIRT provided VEX document: PAN-SA-2026-0004","distribution":{"text":"Copyright © 2024 Palo Alto Networks. All rights reserved.","tlp":{"label":"CLEAR","url":"https://www.first.org/tlp/"}},"tracking":{"current_release_date":"2026-04-08T18:14:05.269Z","generator":{"date":"2026-04-08T18:14:05.269Z","engine":{"name":"Vulnogram","version":"0.1.0-dev"}},"id":"PAN-SA-2026-0004","initial_release_date":"2026-04-08T16:00:00.000Z","revision_history":[{"number":"1","date":"2026-04-08T09:00:00.000Z","summary":"Initial Publication"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"name":"Palo Alto Networks","category":"vendor","branches":[{"name":"Prisma Browser","category":"product_name","branches":[{"category":"product_version_range","name":"vers:generic/Prisma Browser<145.16.12.110","product":{"name":"Palo Alto Networks Prisma Browser","product_id":"PANW-Prisma-Browser-62"}},{"category":"product_version_range","name":"vers:generic/Prisma Browser>=146.3.8.76","product":{"name":"Palo Alto Networks Prisma Browser","product_id":"PANW-Prisma-Browser-63"}}]}]}]},"vulnerabilities":[{"cve":"CVE-2026-2648","product_status":{"fixed":["PANW-Prisma-Browser-63"],"known_affected":["PANW-Prisma-Browser-62"]},"notes":[{"category":"description","text":"Heap buffer overflow in PDFium"}],"references":[{"category":"external","summary":"NVD - CVE-2026-2648","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2648"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0004","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0004"}],"threats":[{"category":"impact","description":"Heap buffer overflow in PDFium"}]},{"cve":"CVE-2026-2649","product_status":{"fixed":["PANW-Prisma-Browser-63"],"known_affected":["PANW-Prisma-Browser-62"]},"notes":[{"category":"description","text":"Integer overflow in V8"}],"references":[{"category":"external","summary":"NVD - CVE-2026-2649","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2649"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0004","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0004"}],"threats":[{"category":"impact","description":"Integer overflow in V8"}]},{"cve":"CVE-2026-2650","product_status":{"fixed":["PANW-Prisma-Browser-63"],"known_affected":["PANW-Prisma-Browser-62"]},"notes":[{"category":"description","text":"Heap buffer overflow in Media"}],"references":[{"category":"external","summary":"NVD - CVE-2026-2650","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2650"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0004","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0004"}],"threats":[{"category":"impact","description":"Heap buffer overflow in Media"}]},{"cve":"CVE-2026-3061","product_status":{"fixed":["PANW-Prisma-Browser-63"],"known_affected":["PANW-Prisma-Browser-62"]},"notes":[{"category":"description","text":"Out of bounds read in Media"}],"references":[{"category":"external","summary":"NVD - CVE-2026-3061","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3061"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0004","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0004"}],"threats":[{"category":"impact","description":"Out of bounds read in Media"}]},{"cve":"CVE-2026-3062","product_status":{"fixed":["PANW-Prisma-Browser-63"],"known_affected":["PANW-Prisma-Browser-62"]},"notes":[{"category":"description","text":"Out of bounds read and write in Tint"}],"references":[{"category":"external","summary":"NVD - CVE-2026-3062","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3062"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0004","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0004"}],"threats":[{"category":"impact","description":"Out of bounds read and write in Tint"}]},{"cve":"CVE-2026-3063","product_status":{"fixed":["PANW-Prisma-Browser-63"],"known_affected":["PANW-Prisma-Browser-62"]},"notes":[{"category":"description","text":"Inappropriate implementation in DevTools"}],"references":[{"category":"external","summary":"NVD - CVE-2026-3063","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3063"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0004","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0004"}],"threats":[{"category":"impact","description":"Inappropriate implementation in DevTools"}]},{"cve":"CVE-2026-3536","product_status":{"fixed":["PANW-Prisma-Browser-63"],"known_affected":["PANW-Prisma-Browser-62"]},"notes":[{"category":"description","text":"Integer overflow in ANGLE"}],"references":[{"category":"external","summary":"NVD - CVE-2026-3536","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3536"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0004","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0004"}],"threats":[{"category":"impact","description":"Integer overflow in ANGLE"}]},{"cve":"CVE-2026-3537","product_status":{"fixed":["PANW-Prisma-Browser-63"],"known_affected":["PANW-Prisma-Browser-62"]},"notes":[{"category":"description","text":"Object lifecycle issue in PowerVR"}],"references":[{"category":"external","summary":"NVD - CVE-2026-3537","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3537"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0004","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0004"}],"threats":[{"category":"impact","description":"Object lifecycle issue in PowerVR"}]},{"cve":"CVE-2026-3538","product_status":{"fixed":["PANW-Prisma-Browser-63"],"known_affected":["PANW-Prisma-Browser-62"]},"notes":[{"category":"description","text":"Integer overflow in Skia"}],"references":[{"category":"external","summary":"NVD - CVE-2026-3538","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3538"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0004","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0004"}],"threats":[{"category":"impact","description":"Integer overflow in Skia"}]},{"cve":"CVE-2026-3539","product_status":{"fixed":["PANW-Prisma-Browser-63"],"known_affected":["PANW-Prisma-Browser-62"]},"notes":[{"category":"description","text":"Object lifecycle issue in DevTools"}],"references":[{"category":"external","summary":"NVD - CVE-2026-3539","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3539"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0004","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0004"}],"threats":[{"category":"impact","description":"Object lifecycle issue in DevTools"}]},{"cve":"CVE-2026-3540","product_status":{"fixed":["PANW-Prisma-Browser-63"],"known_affected":["PANW-Prisma-Browser-62"]},"notes":[{"category":"description","text":"Inappropriate implementation in WebAudio"}],"references":[{"category":"external","summary":"NVD - CVE-2026-3540","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3540"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0004","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0004"}],"threats":[{"category":"impact","description":"Inappropriate implementation in WebAudio"}]},{"cve":"CVE-2026-3541","product_status":{"fixed":["PANW-Prisma-Browser-63"],"known_affected":["PANW-Prisma-Browser-62"]},"notes":[{"category":"description","text":"Inappropriate implementation in CSS"}],"references":[{"category":"external","summary":"NVD - CVE-2026-3541","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3541"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0004","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0004"}],"threats":[{"category":"impact","description":"Inappropriate implementation in CSS"}]},{"cve":"CVE-2026-3542","product_status":{"fixed":["PANW-Prisma-Browser-63"],"known_affected":["PANW-Prisma-Browser-62"]},"notes":[{"category":"description","text":"Inappropriate implementation in WebAssembly"}],"references":[{"category":"external","summary":"NVD - CVE-2026-3542","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3542"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0004","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0004"}],"threats":[{"category":"impact","description":"Inappropriate implementation in WebAssembly"}]},{"cve":"CVE-2026-3543","product_status":{"fixed":["PANW-Prisma-Browser-63"],"known_affected":["PANW-Prisma-Browser-62"]},"notes":[{"category":"description","text":"Inappropriate implementation in V8"}],"references":[{"category":"external","summary":"NVD - CVE-2026-3543","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3543"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0004","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0004"}],"threats":[{"category":"impact","description":"Inappropriate implementation in V8"}]},{"cve":"CVE-2026-3544","product_status":{"fixed":["PANW-Prisma-Browser-63"],"known_affected":["PANW-Prisma-Browser-62"]},"notes":[{"category":"description","text":"Heap buffer overflow in WebCodecs"}],"references":[{"category":"external","summary":"NVD - CVE-2026-3544","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3544"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0004","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0004"}],"threats":[{"category":"impact","description":"Heap buffer overflow in WebCodecs"}]},{"cve":"CVE-2026-3545","product_status":{"fixed":["PANW-Prisma-Browser-63"],"known_affected":["PANW-Prisma-Browser-62"]},"notes":[{"category":"description","text":"Insufficient data validation in Navigation"}],"references":[{"category":"external","summary":"NVD - CVE-2026-3545","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3545"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0004","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0004"}],"threats":[{"category":"impact","description":"Insufficient data validation in Navigation"}]},{"cve":"CVE-2026-3909","product_status":{"fixed":["PANW-Prisma-Browser-63"],"known_affected":["PANW-Prisma-Browser-62"]},"notes":[{"category":"description","text":"Out of bounds write in Skia"}],"references":[{"category":"external","summary":"NVD - CVE-2026-3909","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3909"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0004","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0004"}],"threats":[{"category":"impact","description":"Out of bounds write in Skia"}]},{"cve":"CVE-2026-3910","product_status":{"fixed":["PANW-Prisma-Browser-63"],"known_affected":["PANW-Prisma-Browser-62"]},"notes":[{"category":"description","text":"Inappropriate implementation in V8"}],"references":[{"category":"external","summary":"NVD - CVE-2026-3910","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3910"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0004","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0004"}],"threats":[{"category":"impact","description":"Inappropriate implementation in V8"}]},{"cve":"CVE-2026-3926","product_status":{"fixed":["PANW-Prisma-Browser-63"],"known_affected":["PANW-Prisma-Browser-62"]},"notes":[{"category":"description","text":"Out of bounds read in V8"}],"references":[{"category":"external","summary":"NVD - CVE-2026-3926","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3926"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0004","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0004"}],"threats":[{"category":"impact","description":"Out of bounds read in V8"}]},{"cve":"CVE-2026-3927","product_status":{"fixed":["PANW-Prisma-Browser-63"],"known_affected":["PANW-Prisma-Browser-62"]},"notes":[{"category":"description","text":"Incorrect security UI in PictureInPicture"}],"references":[{"category":"external","summary":"NVD - CVE-2026-3927","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3927"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0004","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0004"}],"threats":[{"category":"impact","description":"Incorrect security UI in PictureInPicture"}]},{"cve":"CVE-2026-3935","product_status":{"fixed":["PANW-Prisma-Browser-63"],"known_affected":["PANW-Prisma-Browser-62"]},"notes":[{"category":"description","text":"Incorrect security UI in WebAppInstalls"}],"references":[{"category":"external","summary":"NVD - CVE-2026-3935","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3935"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0004","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0004"}],"threats":[{"category":"impact","description":"Incorrect security UI in WebAppInstalls"}]},{"cve":"CVE-2026-3936","product_status":{"fixed":["PANW-Prisma-Browser-63"],"known_affected":["PANW-Prisma-Browser-62"]},"notes":[{"category":"description","text":"Use after free in WebView"}],"references":[{"category":"external","summary":"NVD - CVE-2026-3936","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3936"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0004","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0004"}],"threats":[{"category":"impact","description":"Use after free in WebView"}]},{"cve":"CVE-2026-3940","product_status":{"fixed":["PANW-Prisma-Browser-63"],"known_affected":["PANW-Prisma-Browser-62"]},"notes":[{"category":"description","text":"Insufficient policy enforcement in DevTools"}],"references":[{"category":"external","summary":"NVD - CVE-2026-3940","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3940"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0004","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0004"}],"threats":[{"category":"impact","description":"Insufficient policy enforcement in DevTools"}]},{"cve":"CVE-2026-4464","product_status":{"fixed":["PANW-Prisma-Browser-63"],"known_affected":["PANW-Prisma-Browser-62"]},"notes":[{"category":"description","text":"Integer overflow in ANGLE"}],"references":[{"category":"external","summary":"NVD - CVE-2026-4464","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4464"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0004","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0004"}],"threats":[{"category":"impact","description":"Integer overflow in ANGLE"}]},{"cve":"CVE-2026-4679","product_status":{"fixed":["PANW-Prisma-Browser-63"],"known_affected":["PANW-Prisma-Browser-62"]},"notes":[{"category":"description","text":"Integer overflow in Fonts"}],"references":[{"category":"external","summary":"NVD - CVE-2026-4679","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4679"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0004","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0004"}],"threats":[{"category":"impact","description":"Integer overflow in Fonts"}]},{"cve":"CVE-2026-4680","product_status":{"fixed":["PANW-Prisma-Browser-63"],"known_affected":["PANW-Prisma-Browser-62"]},"notes":[{"category":"description","text":"Use after free in FedCM"}],"references":[{"category":"external","summary":"NVD - CVE-2026-4680","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4680"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0004","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0004"}],"threats":[{"category":"impact","description":"Use after free in FedCM"}]},{"cve":"CVE-2026-5281","product_status":{"fixed":["PANW-Prisma-Browser-63"],"known_affected":["PANW-Prisma-Browser-62"]},"notes":[{"category":"description","text":"Use after free in Dawn"}],"references":[{"category":"external","summary":"NVD - CVE-2026-5281","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-5281"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0004","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0004"}],"threats":[{"category":"impact","description":"Use after free in Dawn"}]},{"cve":"CVE-2026-5284","product_status":{"fixed":["PANW-Prisma-Browser-63"],"known_affected":["PANW-Prisma-Browser-62"]},"notes":[{"category":"description","text":"Use after free in Dawn"}],"references":[{"category":"external","summary":"NVD - CVE-2026-5284","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-5284"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0004","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0004"}],"threats":[{"category":"impact","description":"Use after free in Dawn"}]},{"cve":"CVE-2026-5287","product_status":{"fixed":["PANW-Prisma-Browser-63"],"known_affected":["PANW-Prisma-Browser-62"]},"notes":[{"category":"description","text":"Use after free in PDF"}],"references":[{"category":"external","summary":"NVD - CVE-2026-5287","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-5287"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0004","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0004"}],"threats":[{"category":"impact","description":"Use after free in PDF"}]},{"cve":"CVE-2026-5291","product_status":{"fixed":["PANW-Prisma-Browser-63"],"known_affected":["PANW-Prisma-Browser-62"]},"notes":[{"category":"description","text":"Inappropriate implementation in WebGL"}],"references":[{"category":"external","summary":"NVD - CVE-2026-5291","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-5291"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0004","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0004"}],"threats":[{"category":"impact","description":"Inappropriate implementation in WebGL"}]},{"cve":"CVE-2026-5292","product_status":{"fixed":["PANW-Prisma-Browser-63"],"known_affected":["PANW-Prisma-Browser-62"]},"notes":[{"category":"description","text":"Out of bounds read in WebCodecs"}],"references":[{"category":"external","summary":"NVD - CVE-2026-5292","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-5292"},{"category":"self","summary":"Palo Alto Networks Security Advisory PAN-SA-2026-0004","url":"https://security.paloaltonetworks.com/PAN-SA-2026-0004"}],"threats":[{"category":"impact","description":"Out of bounds read in WebCodecs"}]}]}