PT-2025-21255 · Debian+4

Micky · Published 2025-01-01 · Updated 2025-10-30 · CVE-2025-4609

CVSS v3.1: 9.6 (Critical)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Google Chrome versions prior to 136.0.7103.113
Microsoft Edge (Chromium-based) versions prior to 136.0.7103.113
Chromium versions prior to 136.0.7103.113

Description

A security issue exists in the Mojo IPC system within Google Chrome and Microsoft Edge browsers. This issue involves an incorrect handle being provided under unspecified circumstances, potentially allowing a remote attacker to perform a sandbox escape via a malicious file. Successful exploitation could lead to remote code execution. The vulnerability was discovered by a researcher named Micky, who received a $250,000 reward from Google for reporting the issue. The vulnerability is related to the Mojo component and specifically involves the IpczDriver. The Mojo IPC system is a critical component for inter-process communication within the browser. The vulnerability allows a malicious renderer process to potentially gain privileged access. The affected API endpoint is not specified.

Recommendations

Update Google Chrome to version 136.0.7103.113 or later.
Update Microsoft Edge to version 136.0.7103.113 or later.
Update Chromium to version 136.0.7103.113 or later.

Exploit

Fix

RCE

Incorrect Permission

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2025-6902
BDU:2025-06110
CVE-2025-4609
DSA-5920-1
MGASA-2025-0159
OPENSUSE-SU-2025:15143-1
OPENSUSE-SU-2025:15182-1

Affected Products

Alt Linux
Astra Linux
Debian
Google Chrome
Red Os