As of 2016, there are at least two confirmed/documented Proof of Concepts of PS4 applicable Working Exploits for the WebKit-based Internet Browser. There are still others to investigate and check Bugs & Vulnerabilities.
Its been demonstrated that code running in sandbox (mono?) simply disables sandboxing when implementing cross application functionality.
SandboxingDisabled = true
Code that runs in sandbox is normally restricted to ?20 MiB? of memory.