CVE-2025-8879 identifies a heap buffer overflow vulnerability within the libaom library integrated into Google Chrome prior to version 139.0.7258.127. libaom is an AV1 video codec library used by Chrome for video decoding. The vulnerability arises from improper handling of memory buffers during processing of specific gesture inputs, which can be manipulated by a remote attacker through a crafted web page or content. This heap overflow can corrupt memory, potentially allowing an attacker to execute arbitrary code within the context of the browser process. The flaw does not require any privileges or prior authentication but does require user interaction, such as visiting a malicious website or interacting with crafted content. The vulnerability affects the confidentiality, integrity, and availability of the system by enabling remote code execution, data theft, or browser crashes. The CVSS v3.1 base score is 8.8, reflecting high severity with network attack vector, low attack complexity, no privileges required, user interaction needed, and full impact on confidentiality, integrity, and availability. Although no exploits have been reported in the wild yet, the high severity and wide deployment of Chrome make this a critical risk. The vulnerability was publicly disclosed on August 13, 2025, and users are advised to update to Chrome 139.0.7258.127 or later where the issue is patched.

The vulnerability allows remote attackers to execute arbitrary code within the browser context, potentially leading to full system compromise depending on the underlying OS security. Confidentiality is at risk as attackers could access sensitive data processed by the browser. Integrity can be compromised through code injection or manipulation of browser behavior. Availability is also affected due to possible crashes or denial of service from heap corruption. Organizations relying on Chrome for web access, especially those in sensitive sectors such as finance, government, and critical infrastructure, face increased risk of targeted exploitation. The ease of exploitation (no privileges required, low complexity) combined with the widespread use of Chrome globally amplifies the threat. Although no active exploits are known, the vulnerability's characteristics make it a prime candidate for future exploitation by cybercriminals or nation-state actors.

Organizations should immediately update Google Chrome to version 139.0.7258.127 or later to apply the official patch addressing this vulnerability. Until patching is complete, consider implementing network-level protections such as web filtering to block access to untrusted or suspicious websites that could host exploit code. Employ endpoint detection and response (EDR) solutions capable of monitoring abnormal browser behavior indicative of exploitation attempts. Disable or restrict unnecessary browser features related to gesture inputs if configurable via enterprise policies. Conduct user awareness training to minimize risky interactions with unknown web content. Regularly audit browser versions across the enterprise to ensure compliance with security updates. Additionally, monitor threat intelligence feeds for any emerging exploit activity related to this CVE to enable rapid response.