A researcher has earned a $250,000 bug bounty from Google for a Chrome vulnerability that may be exploited to flee the online browser’s sandbox.
The vulnerability, tracked as CVE-2025-4609, was reported to Google on April 22 by a researcher who makes use of the web moniker ‘Micky’. The difficulty was patched in mid-Might with a Chrome 136 replace, and particulars have now been made public by Google.
The safety flaw, which impacts Chrome’s Mojo inter-process communication system, has been assigned a ‘excessive severity’ score by Google.
The researcher stated his PoC exploit achieved a sandbox escape and system command execution — he opened the calculator app to reveal the exploit — with successful price of 70-80%.
Exploitation of some of these safety holes usually requires the focused person to go to a malicious web site.
$250,000 is the utmost reward that Google is ready to pay out for a Chrome sandbox escape vulnerability, however the quantity can solely be earned for a submission that features a high-quality report with demonstration of distant code execution.
Google described CVE-2025-4609 as a “very complicated logic bug and prime quality report with a practical exploit, with good evaluation and demonstration of a sandbox escape”.
Google stated earlier this yr that it paid out a complete of $12 million by means of its bug bounty applications in 2024 and the very best single reward was $110,000.Commercial. Scroll to proceed studying.
Associated: Google Pays Out $55,000 Bug Bounty for Chrome Vulnerability
Associated: Google Discloses Information Breach through Salesforce Hack
Associated: Vulnerabilities Uncovered Telephone Variety of Any Google Consumer
