Privilege Escalation Vulnerability in Google Chrome Prior to 1.3.36.351
CVE-2023-7261

7.8 HIGH

Key Information:

Vendor: Google
Status: Vendor
CVE Published: 7 June 2024

Badges

👾 Exploit Exists
🟡 Public PoC

Summary

An inappropriate implementation in Google Chrome's Updater allows a local attacker to escalate privileges. Exploitation relies on a malicious file and can give the attacker unauthorized access to system resources. Versions of the Updater prior to 1.3.36.351 are at risk and should be updated.

Affected Version(s)

Omaha 1.3.36.271

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. It is also a key component of weaponization, which could lead to ransomware.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • Vulnerability published
  • Vulnerability Reserved