PAN-SA-2026-0010 Chromium and Prisma Browser: Monthly Vulnerability Update (July 2026) (Severity: HIGH)
CSIRTS triage
- What
- This is a monthly vulnerability update that addresses multiple vulnerabilities.
- Who is affected
- Users of Chromium and Prisma Browser are affected.
- Urgency
- Remediation is high urgency due to the severity of the vulnerabilities.
- Action
- Update to the latest version of Chromium and Prisma Browser.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Chromium and Prisma Browser
Get an email when a new Chromium and Prisma Browser advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://security.paloaltonetworks.com/PAN-SA-2026-0010
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-108810.39% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 31% of all scored CVEs.
- Low exploitation riskCVE-2026-108820.47% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 37% of all scored CVEs.
- Low exploitation riskCVE-2026-108830.39% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 31% of all scored CVEs.
- Low exploitation riskCVE-2026-108840.29% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 20% of all scored CVEs.
- Low exploitation riskCVE-2026-108850.37% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 30% of all scored CVEs.
- Low exploitation riskCVE-2026-108860.34% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 27% of all scored CVEs.
- Low exploitation riskCVE-2026-108870.40% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 32% of all scored CVEs.
- Low exploitation riskCVE-2026-108880.19% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 8% of all scored CVEs.
- Low exploitation riskCVE-2026-108890.29% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 20% of all scored CVEs.
- Low exploitation riskCVE-2026-108900.18% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 8% of all scored CVEs.
Referenced CVEs
+12 more CVEs referenced in this advisory.
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- unknownMultiple vulnerabilities in Palo Alto Networks products (July 09, 2026)cert-fr-avis
- unknownCVE-2026-10881: Chromium: CVE-2026-10881 Out of bounds read and write in ANGLEmsrc
- unknownCVE-2026-10890: Chromium: CVE-2026-10890 Use after free in Castmsrc
- unknownCVE-2026-10887: Chromium: CVE-2026-10887 Use after free in Chromotingmsrc
- unknownCVE-2026-10888: Chromium: CVE-2026-10888 Use after free in Cast Streamingmsrc
- unknownCVE-2026-10889: Chromium: CVE-2026-10889 Out of bounds read in ANGLEmsrc
- unknownCVE-2026-10884: Chromium: CVE-2026-10884 Use after free in Chromecastmsrc
- unknownCVE-2026-10895: Chromium: CVE-2026-10895 Use after free in Ozonemsrc
- unknownCVE-2026-10897: Chromium: CVE-2026-10897 Out of bounds write in GPUmsrc
- unknownCVE-2026-10898: Chromium: CVE-2026-10898 Stack buffer overflow in GPUmsrc
- unknownCVE-2026-10899: Chromium: CVE-2026-10899 Use after free in Ozonemsrc
- unknownCVE-2026-10940: Chromium: CVE-2026-10940 Race in Codecsmsrc
More from Palo Alto Networks Security Advisories
- lowCVE-2026-0279 PAN-OS: Multiple Cross-Site Scripting (XSS) Vulnerabilities (Severity: LOW)2026-07-08
- mediumCVE-2026-0286 PAN-OS: Authenticated Command Injection in CLI (Severity: MEDIUM)2026-07-08
- mediumCVE-2026-0278 Prisma Access Agent: Multiple DLP Policy Bypass Vulnerabilities on Windows (Severity: MEDIUM)2026-07-08
- mediumCVE-2026-0284 PAN-OS: XML Injection Vulnerability in Large Scale VPN (LSVPN) (Severity: MEDIUM)2026-07-08
- mediumCVE-2026-0285 PAN-OS: Server-Side Request Forgery Vulnerability in Management Web Interface (Severity: MEDIUM)2026-07-08