Palo Alto Networks Security Advisories / PAN-SA-2025-0004

PAN-SA-2025-0004 Chromium: Monthly Vulnerability Update (February 2025)

Urgency MODERATE

047910
Severity 6.1 · MEDIUM
Exploit Maturity UNREPORTED
Response Effort LOW
Recovery USER
Value Density DIFFUSE
Attack Vector NETWORK
Attack Complexity LOW
Attack Requirements NONE
Automatable NO
User Interaction ACTIVE
Product Confidentiality HIGH
Product Integrity HIGH
Product Availability HIGH
Privileges Required NONE
Subsequent Confidentiality NONE
Subsequent Integrity NONE
Subsequent Availability NONE
JSON CSAF
Published 2025-02-12
Updated 2025-02-12
Discovered externally

Description

Palo Alto Networks incorporated the following Chromium security fixes into our products:

CVESummary
CVE-2025-0291Type Confusion in V8
CVE-2025-0434Out of bounds memory access in V8
CVE-2025-0435Inappropriate implementation in Navigation
CVE-2025-0436Integer overflow in Skia
CVE-2025-0437Out of bounds read in Metrics
CVE-2025-0438Stack buffer overflow in Tracing
CVE-2025-0439Race in Frames
CVE-2025-0440Inappropriate implementation in Fullscreen
CVE-2025-0441Inappropriate implementation in Fenced Frames
CVE-2025-0442Inappropriate implementation in Payments
CVE-2025-0443Insufficient data validation in Extensions
CVE-2025-0444Use after free in Skia
CVE-2025-0445Use after free in V8
CVE-2025-0446Inappropriate implementation in Extensions
CVE-2025-0447Inappropriate implementation in Navigation
CVE-2025-0448Inappropriate implementation in Compositing
CVE-2025-0451Inappropriate implementation in Extensions API
CVE-2025-0611Object corruption in V8
CVE-2025-0612Out of bounds memory access in V8
CVE-2025-0762Use after free in DevTools

Product Status

VersionsAffectedUnaffected
Prisma Access Browser< 132.111.3017.2>= 133.8.10.54

Required Configuration for Exposure

No special configuration is required to be affected by this issue.

Severity: MEDIUM, Suggested Urgency: MODERATE

CVSS-BT: 6.1 / CVSS-B: 8.6 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:L/U:Amber)

Exploitation Status

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Solution

CVEPrisma Access Browser
CVE-2025-0291
132.111.3017.2
CVE-2025-0434
132.111.3017.2
CVE-2025-0435
132.111.3017.2
CVE-2025-0436
132.111.3017.2
CVE-2025-0437
132.111.3017.2
CVE-2025-0438
132.111.3017.2
CVE-2025-0439
132.111.3017.2
CVE-2025-0440
132.111.3017.2
CVE-2025-0441
132.111.3017.2
CVE-2025-0442
132.111.3017.2
CVE-2025-0443
132.111.3017.2
CVE-2025-0446
132.111.3017.2
CVE-2025-0447
132.111.3017.2
CVE-2025-0448
132.111.3017.2
CVE-2025-0444
133.8.10.54
CVE-2025-0445
133.8.10.54
CVE-2025-0451
133.8.10.54
CVE-2025-0611
133.8.10.54
CVE-2025-0612
133.8.10.54
CVE-2025-0762
133.8.10.54

Workarounds and Mitigations

No workaround or mitigation is available.

Timeline

Initial publication
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure PolicyReport vulnerabilitiesManage subscriptions
© 2025 Palo Alto Networks, Inc. All rights reserved.