Impact
An improper implementation in Chrome’s Updater on Windows allows a local attacker to elevate privileges by placing a malicious file that the updater processes. The vulnerability enables the attacker to execute code with the current user’s rights and then seize system‑level privileges, effectively granting full control over the affected machine.
Affected Systems
All Windows installations of Google Chrome running any version before 150.0.7871.47 are affected; the issue exists in stable channel releases prior to that patch.
Risk and Exploitability
The EPSS score is < 1% and the vulnerability is not listed in the CISA KEV catalog, yet it is classified as High severity by Chromium with a CVSS score of 7.8. The flaw requires local access; any user who can place a file on the system can trigger the privilege escalation. Because the exploitation can occur from an ordinary user context, the risk to users of the vulnerable Chrome versions is significant until the updater is updated or removed.
OpenCVE Enrichment