CVE-2025-8879: 
vulnerability analysis and mitigation

A heap buffer overflow vulnerability was discovered in the libaom library within Google Chrome versions prior to 139.0.7258.127. The vulnerability, identified as CVE-2025-8879, was reported anonymously on July 15, 2025, and publicly disclosed on August 12, 2025. This security flaw affects Chrome browsers across Windows, Mac, and Linux operating systems (Chrome Release).

The vulnerability is classified as a heap-based buffer overflow (CWE-122) in the libaom component of Google Chrome. It received a CVSS 3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating remote exploitation potential with high impact on confidentiality, integrity, and availability (NVD Database).

The vulnerability allows remote attackers to potentially exploit heap corruption through a curated set of gestures. Given its high severity rating and the widespread use of Google Chrome, this vulnerability poses significant risks to affected systems (NVD Database).

Google has released version 139.0.7258.127/.128 for Windows and Mac, and version 139.0.7258.127 for Linux to address this vulnerability. Users are strongly advised to update their Chrome browsers to these versions or later (Chrome Release).