
Google Awards $250,000 for Critical Chrome Sandbox Escape Vulnerability (CVE-2025-4609)
A security researcher known as 'Micky' has been awarded $250,000 by Google for reporting a high-severity vulnerability in Chrome, identified as CVE-2025-4609. The vulnerability resides in the Mojo IPC system, which is crucial for inter-process communication in Chrome and integral to its multi-process architecture. The flaw allows an attacker to escape the sandbox and execute code remotely, posing significant risks to users.

Sandbox escape vulnerabilities are particularly concerning because they bypass a primary security mechanism designed to isolate and contain malicious activity. Remote code execution (RCE) compounds the risk by enabling attackers to run arbitrary code on affected systems. A vulnerability in a component as central as Mojo can therefore lead to severe security breaches, and the high reward reflects the critical nature of the flaw and its potential impact on Chrome's vast user base.

Organizations and users are advised to ensure their Chrome browsers are updated to the latest version to protect against potential exploits. The discovery highlights the importance of robust bug bounty programs in identifying and mitigating critical vulnerabilities, the continuous need for security research, and the valuable role of independent researchers in enhancing software security.