A researcher received a $250,000 bug bounty from Google for a Chrome vulnerability (CVE-2025-4609) that allows sandbox escape and system command execution. The flaw, related to Chrome’s Mojo IPC system, was patched in May, emphasizing ongoing efforts to improve browser security. #ChromeVulnerability #SandboxEscape
Keypoints
- A Chrome vulnerability was exploited to escape the browser’s sandbox with a high success rate.
- The bug, CVE-2025-4609, impacts Chrome’s Mojo inter-process communication system.
- Google awarded $250,000 for a high-quality report demonstrating remote code execution and sandbox escape.
- The vulnerability was patched in Chrome version 136 released in mid-May 2025.
- The bug bounty program paid out a total of $12 million in 2024 for various security flaws.
Read More: https://www.securityweek.com/chrome-sandbox-escape-earns-researcher-250000/