Cyber Posture

CVE-2025-8879

High

Published: 13 August 2025

Modified: 26 September 2025
KEV Added
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0015 (34.8th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-8879 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Google Chrome. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The vulnerability ranks at the 34.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-39 (Process Isolation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Directly mandates identification, assessment, prioritization, and timely remediation of the heap buffer overflow flaw in Chrome's libaom via the vendor patch to version 139.0.7258.127.

prevent

Implements memory protection techniques like non-executable memory and ASLR to prevent heap corruption from escalating to arbitrary code execution in libaom.

prevent

Enforces process isolation through Chrome's sandboxing to confine exploitation of the libaom heap buffer overflow to the renderer process, limiting system-wide impact.

MITRE ATT&CK Enterprise Techniques [AI]

T1203 Exploitation for Client Execution (Tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.

Why these techniques?

Heap buffer overflow enables direct remote code execution in a client application (Chrome) via crafted input requiring user interaction.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. (Chromium security severity: High)

Deeper analysis [AI]

CVE-2025-8879 is a heap buffer overflow vulnerability (CWE-122) in the libaom component within Google Chrome versions prior to 139.0.7258.127. The flaw enables a remote attacker to potentially exploit heap corruption via a curated set of gestures. Chromium rates the security severity as High, and the CVSS v3.1 base score is 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

A remote attacker can exploit this over the network with low attack complexity and no privileges required, though user interaction is necessary. Exploitation could achieve high impacts on confidentiality, integrity, and availability, potentially allowing heap corruption that leads to arbitrary code execution or system compromise.

Google addressed the vulnerability in Chrome 139.0.7258.127 via a stable channel update, as documented in the Chrome Releases blog (https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html) and the Chromium issue tracker (https://issues.chromium.org/issues/432035817). Security practitioners should prioritize updating affected Chrome installations to mitigate the risk.

Details

CWE(s)

Affected Products

google
chrome
≤ 139.0.7258.127

CVEs Like This One

CVE-2026-5272 (Same product: Apple Macos)
CVE-2026-7339 (Same product: Apple Macos)
CVE-2026-3915 (Same product: Apple Macos)
CVE-2026-7353 (Same product: Apple Macos)
CVE-2026-4448 (Same product: Apple Macos)
CVE-2026-6296 (Same product: Apple Macos)
CVE-2026-5275 (Same product: Apple Macos)
CVE-2026-5858 (Same product: Apple Macos)
CVE-2026-4463 (Same product: Apple Macos)
CVE-2026-6306 (Same product: Apple Macos)
