PAN-SA-2024-0009 Prisma Access Browser: Monthly Vulnerability Updates
Urgency: MODERATE
Response Effort: LOW
Recovery: AUTOMATIC
Value Density: DIFFUSE
Attack Vector: NETWORK
Attack Complexity: LOW
Attack Requirements: NONE
Automatable: NO
User Interaction: ACTIVE
Product Confidentiality: HIGH
Product Integrity: HIGH
Product Availability: HIGH
Privileges Required: NONE
Subsequent Confidentiality: NONE
Subsequent Integrity: NONE
Subsequent Availability: NONE
Description
Prisma Access Browser has incorporated the latest upstream Chromium security fixes listed here:
- https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html
- https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_28.html
- https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_10.html
CVE | CVSS | Summary |
---|---|---|
CVE-2024-7964 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Fixed in Prisma Access Browser 128.91.2869.7 - Chromium: Use after free in Passwords. |
CVE-2024-7965 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Fixed in Prisma Access Browser 128.91.2869.7 - Chromium: Inappropriate implementation in V8. |
CVE-2024-7966 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Fixed in Prisma Access Browser 128.91.2869.7 - Chromium: Out of bounds memory access in Skia. |
CVE-2024-7967 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Fixed in Prisma Access Browser 128.91.2869.7 - Chromium: Heap buffer overflow in Fonts. |
CVE-2024-7968 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Fixed in Prisma Access Browser 128.91.2869.7 - Chromium: Use after free in Autofill. |
CVE-2024-7971 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Fixed in Prisma Access Browser 128.91.2869.7 - Chromium: Type confusion in V8. |
CVE-2024-7972 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Fixed in Prisma Access Browser 128.91.2869.7 - Chromium: Inappropriate implementation in V8. |
CVE-2024-7973 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Fixed in Prisma Access Browser 128.91.2869.7 - Chromium: Heap buffer overflow in PDFium. |
CVE-2024-7974 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Fixed in Prisma Access Browser 128.91.2869.7 - Chromium: Insufficient data validation in V8 API. |
CVE-2024-7975 | 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) | Fixed in Prisma Access Browser 128.91.2869.7 - Chromium: Inappropriate implementation in Permissions. |
CVE-2024-7976 | 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) | Fixed in Prisma Access Browser 128.91.2869.7 - Chromium: Inappropriate implementation in FedCM. |
CVE-2024-7977 | 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Fixed in Prisma Access Browser 128.91.2869.7 - Chromium: Insufficient data validation in Installer. |
CVE-2024-7978 | 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) | Fixed in Prisma Access Browser 128.91.2869.7 - Chromium: Insufficient policy enforcement in Data Transfer. |
CVE-2024-7979 | 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Fixed in Prisma Access Browser 128.91.2869.7 - Chromium: Insufficient data validation in Installer. |
CVE-2024-7980 | 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Fixed in Prisma Access Browser 128.91.2869.7 - Chromium: Insufficient data validation in Installer. |
CVE-2024-7981 | 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) | Fixed in Prisma Access Browser 128.91.2869.7 - Chromium: Inappropriate implementation in Views. |
CVE-2024-8033 | 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) | Fixed in Prisma Access Browser 128.91.2869.7 - Chromium: Inappropriate implementation in WebApp Installs. |
CVE-2024-8034 | 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) | Fixed in Prisma Access Browser 128.91.2869.7 - Chromium: Inappropriate implementation in Custom Tabs. |
CVE-2024-8035 | 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) | Fixed in Prisma Access Browser 128.91.2869.7 - Chromium: Inappropriate implementation in Extensions. |
CVE-2024-7969 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Fixed in Prisma Access Browser 128.114.2877.3 - Chromium: Type Confusion in V8. |
CVE-2024-8193 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Fixed in Prisma Access Browser 128.114.2877.3 - Chromium: Heap buffer overflow in Skia. |
CVE-2024-8194 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Fixed in Prisma Access Browser 128.114.2877.3 - Chromium: Type Confusion in V8. |
CVE-2024-8198 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Fixed in Prisma Access Browser 128.114.2877.3 - Chromium: Heap buffer overflow in Skia. |
CVE-2024-8362 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Fixed in Prisma Access Browser 128.120.2884.4 - Chromium: Use after free in WebAudio. |
CVE-2024-7970 | 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) | Fixed in Prisma Access Browser 128.120.2884.4 - Chromium: Out of bounds write in V8. |
CVE-2024-8636 | | Fixed in Prisma Access Browser 128.138.2888.2 - Chromium: Heap buffer overflow in Skia. |
CVE-2024-8637 | | Fixed in Prisma Access Browser 128.138.2888.2 - Chromium: Use after free in Media Router. |
CVE-2024-8638 | | Fixed in Prisma Access Browser 128.138.2888.2 - Chromium: Type Confusion in V8. |
CVE-2024-8639 | | Fixed in Prisma Access Browser 128.138.2888.2 - Chromium: Use after free in Autofill. |
Product Status
Versions | Affected | Unaffected |
---|---|---|
Prisma Access Browser | < 128.91.2869.7 | >= 128.138.2888.2 |
Severity: HIGH
CVSSv4.0 Base Score: 8.6 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:L/U:Amber)
Solution
Prisma Access Browser 128.138.2888.2 and later versions contain the fixes for all CVEs listed above.
Timeline
Initial publication