CVE-2023-7261 – Google Chrome Updater DosDevices Local Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2023-7261

Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High) La implementación inadecuada en Google Updatetor anterior a la versión 1.3.36.351 en Google Chrome permitió a un atacante local realizar una escalada de privilegios a través de un archivo malicioso. (Severidad de seguridad de Chrome: alta) This vulnerability allows local attackers to escalate privileges on affected installations of Google Chrome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the update mechanism. By creating a DOS device redirection, an attacker can abuse the update mechanism to launch an executable from an untrusted location. • https://issues.chromium.org/issues/40064602 • CWE-233: Improper Handling of Parameters •