CVE-2025-4609: 
vulnerability analysis and mitigation

CVE-2025-4609 is a high-severity vulnerability discovered in Google Chrome's Mojo component on Windows systems prior to version 136.0.7103.113. The vulnerability was reported by researcher Micky on April 22, 2025, and was officially disclosed on May 14, 2025. The flaw involves an incorrect handle being provided under unspecified circumstances, which affects the Windows version of the Chrome browser (Chrome Release Notes).

The vulnerability has been assigned a CVSS v3.1 base score of 9.6 (Critical) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H. The flaw is associated with CWE-732 (Incorrect Permission Assignment for Critical Resource). The vulnerability specifically affects the Mojo component in Google Chrome on Windows systems and could potentially allow for a sandbox escape through a malicious file (NVD).

The vulnerability could potentially allow a remote attacker to perform a sandbox escape via a malicious file, which represents a significant security risk. Given the Critical CVSS score and the potential for sandbox escape, successful exploitation could lead to complete system compromise within the scope of the Chrome browser's privileges (NVD).

Google has released version 136.0.7103.113 of Chrome for Windows which patches this vulnerability. Users are strongly advised to update to this version or later to mitigate the risk (Chrome Release Notes).