Record $250K Bug Bounty Awarded for Discovering Critical Chrome RCE Flaw
gbhackers
Google has awarded a record-breaking $250,000 bug bounty to security researcher Micky for discovering a critical remote code execution vulnerability in Google Chrome that could allow attackers to escape the browser’s sandbox protection.
The flaw, tracked internally as issue 412578726, represents one of the most severe Chrome vulnerabilities discovered in recent years and highlights the ongoing security challenges facing modern web browsers.
Critical Sandbox Escape Vulnerability
The vulnerability stems from a flaw in Chrome’s ipcz (Inter-Process Communication Zone) system, specifically within the Transport::Deserialize function.
The bug allows a malicious renderer process to duplicate privileged browser process handles, effectively breaking out of Chrome’s carefully designed sandbox security model.
This sandbox is a crucial security feature that isolates web content from the underlying operating system, preventing malicious websites from accessing sensitive system resources.
According to the technical details provided by the researcher, the vulnerability occurs when the ...
Copyright of this story solely belongs to gbhackers.