Ce mail provient de l'extérieur, restons vigilants ===================================================================== CERT-Renater Note d'Information No. 2026/VULN181 _____________________________________________________________________ DATE : 17/02/2026 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Prisma Browser versions prior to 144.27.7.133. ===================================================================== https://security.paloaltonetworks.com/PAN-SA-2026-0002 _____________________________________________________________________ PAN-SA-2026-0002 Chromium: Monthly Vulnerability Update (February 2026) Urgency MODERATE Severity 8.1 · HIGH Exploit Maturity UNREPORTED Response Effort MODERATE Recovery USER Value Density DIFFUSE Attack Vector NETWORK Attack Complexity LOW Attack Requirements NONE Automatable NO User Interaction NONE Product Confidentiality HIGH Product Integrity HIGH Product Availability HIGH Privileges Required NONE Subsequent Confidentiality NONE Subsequent Integrity NONE Subsequent Availability NONE JSON CSAF Published 2026-02-11 Updated 2026-02-11 Discovered externally Description Palo Alto Networks incorporated the following Chromium security fixes into our products: https://chromereleases.googleblog.com/2026/02/stable-channel-update -for-desktop.html https://chromereleases.googleblog.com/2026/01/stable-channel-update -for-desktop_27.html https://chromereleases.googleblog.com/2026/01/stable-channel-update -for-desktop_20.html https://chromereleases.googleblog.com/2026/01/stable-channel-update -for-desktop_13.html CVE Summary CVE-2026-0899 Out of bounds memory access in V8 CVE-2026-0900 Inappropriate implementation in V8 CVE-2026-0901 Inappropriate implementation in Blink CVE-2026-0902 Inappropriate implementation in V8 CVE-2026-0903 Inappropriate implementation in Downloads CVE-2026-0904 Incorrect security UI in Digital Credentials CVE-2026-0905 Insufficient policy enforcement in Network CVE-2026-0906 Incorrect security UI CVE-2026-0907 Incorrect security UI in Split View CVE-2026-0908 Use after free in ANGLE CVE-2026-1504 Inappropriate implementation in Background Fetch API CVE-2026-1861 Heap buffer overflow in libvpx CVE-2026-1862 Type Confusion in V8 Product Status Versions Affected Unaffected Prisma Browser < 144.27.7.133 >= 144.27.7.133 Severity: HIGH, Suggested Urgency: MODERATE CVSS-BT: 8.1 / CVSS-B: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V/RE:M/U:Amber) Exploitation Status Palo Alto Networks is not aware of any malicious exploitation of this issue. Solution CVE Prisma Browser CVE-2026-0899 144.6.10.59 CVE-2026-0900 144.6.10.59 CVE-2026-0901 144.6.10.59 CVE-2026-0902 144.6.10.59 CVE-2026-0903 144.6.10.59 CVE-2026-0904 144.6.10.59 CVE-2026-0905 144.6.10.59 CVE-2026-0906 144.6.10.59 CVE-2026-0907 144.6.10.59 CVE-2026-0908 144.6.10.59 CVE-2026-1504 144.23.6.110 CVE-2026-1861 144.27.7.133 CVE-2026-1862 144.27.7.133 Workarounds and Mitigations No known workarounds exist for this issue. CPE Applicability cpe:2.3:a:palo_alto_networks:prisma_browser:*:*:*:*:*:*:*:* is vulnerable from (including)144.27.7 and up to (excluding) 144.27.7.133 Timeline 2026-02-11 Initial Publication ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================