Chrome Sandbox Escape Earns Researcher $250,000
securityweek

A researcher has been given the highest reward in Google’s Chrome bug bounty program for a sandbox escape with remote code execution.


A researcher has earned a $250,000 bug bounty from Google for a Chrome vulnerability that can be exploited to escape the web browser’s sandbox.
The vulnerability, tracked as CVE-2025-4609, was reported to Google on April 22 by a researcher who uses the online moniker ‘Micky’. The issue was patched in mid-May with a Chrome 136 update, and details have now been made public by Google.
The security flaw, which impacts Chrome’s Mojo inter-process communication system, has been assigned a ‘high severity’ rating by Google.
The researcher said his PoC exploit achieved a sandbox escape and system command execution — he opened the calculator app to demonstrate the exploit — with a success rate of 70-80%.
Exploitation of these types of security holes typically requires the targeted ...
Copyright of this story solely belongs to securityweek.