PAN-SA-2025-0011 Chromium and Prisma Access Browser: Monthly Vulnerability Update (June 2025)
Exploit Maturity
ATTACKED
Response Effort
MODERATE
Recovery
USER
Value Density
DIFFUSE
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Automatable
NO
User Interaction
ACTIVE
Product Confidentiality
HIGH
Product Integrity
HIGH
Product Availability
HIGH
Privileges Required
NONE
Subsequent Confidentiality
NONE
Subsequent Integrity
NONE
Subsequent Availability
NONE
Description
Palo Alto Networks incorporated the following Chromium security fixes into our products:
- https://chromereleases.googleblog.com/2025/06/extended-stable-updates-for-desktop.html
- https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2025/05/extended-stable-updates-for-desktop.html
- https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html
- https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_14.html
| CVE | Summary |
|---|---|
| CVE-2025-4664 | Insufficient policy enforcement in Loader |
| CVE-2025-5063 | Use after free in Compositing |
| CVE-2025-5064 | Inappropriate implementation in Background Fetch API |
| CVE-2025-5065 | Inappropriate implementation in FileSystemAccess API |
| CVE-2025-5066 | Inappropriate implementation in Messages |
| CVE-2025-5067 | Inappropriate implementation in Tab Strip |
| CVE-2025-5068 | Use after free in Blink |
| CVE-2025-5280 | Out of bounds write in V8 |
| CVE-2025-5281 | Inappropriate implementation in BFCache |
| CVE-2025-5283 | Use after free in libvpx |
| CVE-2025-5419 | Out of bounds read and write in V8 |
| CVE-2025-4233 | Prisma Access Browser: Inappropriate implementation in Cache |
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| Prisma Access Browser | < 136.24.1.93 | >= 137.16.2.69 |
Required Configuration for Exposure
No special configuration is required to be affected by this issue.
Severity: HIGH, Suggested Urgency: MODERATE
CVSS-BT: 8.6 / CVSS-B: 8.6 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/AU:N/R:U/V:D/RE:M/U:Amber)
Exploitation Status
Palo Alto Networks is not aware of any malicious exploitation of this issue.
Solution
| CVE | Prisma Access Browser |
|---|---|
| CVE-2025-4664 | 136.24.2.114 |
| CVE-2025-5063 | 137.16.2.69 |
| CVE-2025-5064 | 137.16.2.69 |
| CVE-2025-5065 | 137.16.2.69 |
| CVE-2025-5066 | 137.16.2.69 |
| CVE-2025-5067 | 137.16.2.69 |
| CVE-2025-5068 | 137.16.2.69 |
| CVE-2025-5280 | 137.16.2.69 |
| CVE-2025-5281 | 137.16.2.69 |
| CVE-2025-5283 | 137.16.2.69 |
| CVE-2025-5419 | 137.16.2.69 |
| CVE-2025-4233 | 136.24.1.93 |
Workarounds and Mitigations
No workaround or mitigation is available.
Acknowledgments
Palo Alto Networks thanks Tan Inn Fung, Yu Ann Ong, Zhang Bosen from the GovTech Cybersecurity Group for discovering and reporting CVE-2025-4233.
Timeline
Initial publication