CVE-2023-7261 – Google Chrome Updater DosDevices Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-7261
Inappropriate implementation in Google Updater prior to 1.3.36.351 in Google Chrome allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High)
This vulnerability allows local attackers to escalate privileges on affected installations of Google Chrome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the update mechanism. By creating a DOS device redirection, an attacker can abuse the update mechanism to launch an executable from an untrusted location.
• https://issues.chromium.org/issues/40064602
• CWE-233: Improper Handling of Parameters
CVE-2024-1694
https://notcve.org/view.php?id=CVE-2024-1694
Inappropriate implementation in Google Updater prior to 1.3.36.351 in Google Chrome allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: High)
• https://issues.chromium.org/issues/40946325