CVE-2025-4609

Published Aug 22, 2025

Last updated 6 months ago

CVSS critical 9.6
Google Chrome
Mojo

Overview

Description: Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
Source: chrome-cve-admin@google.com
NVD status: Analyzed
Products: chrome

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.6
Impact score: 6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-732

Social media

Hype score
Not currently trending
  1. New Cursor v2.0 finally patches CVE-2025-4609 "Critical Sandbox Escape Vulnerability". Shell commands will now automatically run in a sandbox with limited access to your workspace and no internet access. https://t.co/9PMDzIeWb2

    @joey_build

    30 Oct 2025

    62 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. The $250,000 Bug — My Journey Unpacking CVE-2025-4609 https://t.co/vHP8AtcEmF #bugbounty #bugbountytips #bugbountytip

    @bountywriteups

    5 Oct 2025

    891 Impressions

    1 Retweet

    8 Likes

    10 Bookmarks

    0 Replies

    0 Quotes

  3. #VulnerabilityReport #bugbounty Record-Breaking Payout: Google Awards $250,000 for a Critical Chrome Flaw (CVE-2025-4609) https://t.co/Xmhfp97gY6

    @Komodosec

    17 Sept 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 Google paid a $250,000 bounty for a flaw in Chromium's Mojo component (CVE-2025-4609) that allowed a complete sandbox escape. 🤯 https://t.co/o2AlnWljAj https://t.co/1zm0zKuNL4

    @ciberseguridadx

    4 Sept 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Google paid out $250,000 bounty for this bug. That's how it's done. A bug in Chromium's Mojo component (CVE-2025-4609) allowed for a full sandbox escape. 🤯 A malicious renderer could basically trick the browser into handing over privileged process handles. Congrats to the ht

    @payloadartist

    1 Sept 2025

    20710 Impressions

    40 Retweets

    343 Likes

    178 Bookmarks

    3 Replies

    0 Quotes

  6. CVE-2025-4609 Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sa… https://t.co/qwK7iEeZim

    @CVEnew

    22 Aug 2025

    500 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 💡 The highest bounty in the history of Chrome's bug bounty program!! 🔹A security researcher received a $250,000 award from Google after discovering a critical vulnerability of the type Remote Code Ex

    @xabdul

    12 Aug 2025

    520 Impressions

    1 Retweet

    7 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  8. A Chrome flaw (CVE-2025-4609) in the Mojo IPC system allowed sandbox escape and system command execution. Google awarded $250K for the report. Patch released in version 136, May 2025. #ChromeBug #SandboxEscape #USA https://t.co/EtyRjXzPCZ

    @TweetThreatNews

    11 Aug 2025

    110 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Top 5 Trending CVEs: 1 - CVE-2017-5689 2 - CVE-2025-31324 3 - CVE-2025-8088 4 - CVE-2025-4609 5 - CVE-2024-50264 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    10 Aug 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Chromium: CVE-2025-4609 Incorrect handle provided in unspecified circumstances in Mojo https://t.co/0TNAItooaD

    @Rajaaaaa07_

    16 May 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations