CVE-2025-8882

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-8882
Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVSS

No CVSS.

References
Link Resource
https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html Release Notes Vendor Advisory
https://issues.chromium.org/issues/435623339 Issue Tracking Permissions Required
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
History

14 Aug 2025, 01:07

Type Values Removed Values Added
CPE cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
CWE CWE-416
References () https://issues.chromium.org/issues/435623339 - () https://issues.chromium.org/issues/435623339 - Issue Tracking, Permissions Required
References () https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html - () https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html - Release Notes, Vendor Advisory
First Time Google
Linux
Microsoft windows
Google chrome
Apple macos
Apple
Linux linux Kernel
Microsoft

13 Aug 2025, 03:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-13 03:15

Updated : 2025-08-14 01:07

NVD link : CVE-2025-8882

Mitre link : CVE-2025-8882

JSON object : View

Products Affected

linux

  • linux_kernel

google

  • chrome

microsoft

  • windows

apple

  • macos
CWE

No CWE.