CVE-2025-4609
📋 TL;DR
This vulnerability in Google Chrome's Mojo IPC system on Windows allows a remote attacker to escape the browser sandbox via a malicious file. Attackers could execute arbitrary code outside Chrome's security boundaries. All Windows users running vulnerable Chrome versions are affected.
💻 Affected Systems
- Google Chrome
- Chromium-based browsers
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control of the Windows machine, installing malware, stealing credentials, and pivoting to other systems.
Likely Case
Malicious website or file delivers exploit that escapes Chrome sandbox to install ransomware, spyware, or cryptocurrency miners on the victim's system.
If Mitigated
Attack fails due to updated Chrome version, or system-level protections like application whitelisting prevent malicious code execution.
🎯 Exploit Status
Exploitation requires user interaction (opening malicious file/website). No public exploit code available at disclosure time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 136.0.7103.113
Vendor Advisory: https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_14.html
Restart Required: Yes
Instructions:
1. Open Chrome.
2. Click three-dot menu → Help → About Google Chrome.
3. Chrome will automatically check for and install the update.
4. Click 'Relaunch' to restart Chrome with the fix.
🔧 Temporary Workarounds
Disable automatic file downloads
Configure Chrome to ask before downloading files to prevent automatic malicious file execution
chrome://settings/content/automaticDownloads → Toggle off
Enable Enhanced Protection mode
Use Chrome's Enhanced Protection security mode for additional sandboxing and exploit mitigation
chrome://settings/security → Enable Enhanced Protection
🧯 If You Can't Patch
- Restrict Chrome to only trusted websites using browser extension policies
- Deploy application control/whitelisting to block unauthorized executables from Chrome processes
🔍 How to Verify
Check if Vulnerable:
Check the Chrome version on the About Google Chrome page. If the version is lower than 136.0.7103.113, the system is vulnerable.
Check Version:
chrome://version/
Verify Fix Applied:
Confirm the Chrome version is 136.0.7103.113 or higher on the About Google Chrome page.
📡 Detection & Monitoring
Log Indicators:
- Chrome crash reports with Mojo-related errors
- Windows Event Logs showing Chrome spawning unexpected child processes
- Antivirus alerts for Chrome processes attempting to write to protected system areas
Network Indicators:
- Unusual outbound connections from Chrome processes to known malicious domains
- Chrome processes making network connections to unexpected ports
SIEM Query:
process_name:chrome.exe AND (parent_process:explorer.exe OR process_command_line:*--type=* AND NOT process_command_line:*--type=renderer*)
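Added example (not part of the advisory): a triage pass for the "Chrome spawning unexpected child processes" indicator, run over constructed process-creation events. The Sysmon Event ID 1 field names (`Image`, `ParentImage`, `ParentCommandLine`), the `EXPECTED_CHILDREN` allowlist and the priority rule are assumptions to tune for your environment.

```python
import ntpath

# Assumption: image names chrome.exe may launch without review; tune per site.
EXPECTED_CHILDREN = {"chrome.exe"}


def _split(path):
    """Return (directory, file name) of a Windows path, lower-cased."""
    path = (path or "").lower()
    return ntpath.dirname(path), ntpath.basename(path)


def triage_chrome_children(events, expected=EXPECTED_CHILDREN):
    """Return (priority, reason, event) for each suspicious child of chrome.exe."""
    findings = []
    for ev in events:
        parent_dir, parent_name = _split(ev.get("ParentImage"))
        if parent_name != "chrome.exe":
            continue
        child_dir, child_name = _split(ev.get("Image"))
        if child_name in expected and child_dir == parent_dir:
            continue  # ordinary Chrome subprocess
        if child_name in expected:
            reason = "expected name, different directory"
        else:
            reason = "unexpected child image"
        # Assumption: the browser process (no --type= switch) legitimately opens
        # downloads and protocol handlers; a Chrome subprocess should not.
        is_subprocess = "--type=" in (ev.get("ParentCommandLine") or "")
        findings.append(("high" if is_subprocess else "review", reason, ev))
    return findings


CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
# Constructed sample events; field names follow Sysmon Event ID 1.
SAMPLE_EVENTS = [
    {"Image": CHROME, "ParentImage": CHROME, "ParentCommandLine": "chrome.exe"},
    {"Image": r"C:\Windows\System32\cmd.exe", "ParentImage": CHROME,
     "ParentCommandLine": "chrome.exe --type=renderer"},
    {"Image": r"C:\Windows\System32\notepad.exe", "ParentImage": CHROME,
     "ParentCommandLine": "chrome.exe"},
    {"Image": r"C:\Users\Public\chrome.exe", "ParentImage": CHROME,
     "ParentCommandLine": "chrome.exe"},
    {"Image": CHROME, "ParentImage": r"C:\Windows\explorer.exe",
     "ParentCommandLine": "explorer.exe"},
]

if __name__ == "__main__":
    for priority, reason, ev in triage_chrome_children(SAMPLE_EVENTS):
        print(f"{priority:6} {reason}: {ev['Image']}")
```

Findings are triage leads, not verdicts: a "review" hit is often a user opening a download, so correlate with the Chrome version on the host before escalating.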