Risky Bulletin Newsletter
August 11, 2025
Risky Bulletin: Researcher scores $250,000 for Chrome bug
Presented by

News Editor
Google has awarded a massive $250,000 reward to a bug bounty hunter for discovering a novel sandbox escape in the company's Chrome web browser.
The bug was reported in April and patched a month later, in May, with fixes also going out to the other Chromium browsers, such as Edge, Opera, Vivaldi, Brave, and others.
Tracked as CVE-2025-4609, the vulnerability resides in the ipcz library of Mojo, a Chrome component for managing how the browser's internal processes talk to each other.