CVE-2023-7261

HIGH

Google Updater < 1.3.36.351 - Local Privilege Escalation via Malicious File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-7261. PoCs published by zerozenxlabs.

AI-analyzed exploit summary The repository contains a functional exploit PoC for CVE-2023-7261, targeting a vulnerability in Microsoft Edge's update mechanism. The code demonstrates symbolic link manipulation and COM object interactions to achieve privilege escalation.

Description

Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High)

Exploits (1)

nomisec WORKING POC 6 stars

by zerozenxlabs · poc

https://github.com/zerozenxlabs/CVE-2023-7261

View Code ZIP pw:eip

The repository contains a functional exploit PoC for CVE-2023-7261, targeting a vulnerability in Microsoft Edge's update mechanism. The code demonstrates symbolic link manipulation and COM object interactions to achieve privilege escalation.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Edge Update (edgeupdate)

No auth needed

Prerequisites: Access to a vulnerable system with Microsoft Edge installed · Ability to execute code on the target system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.002 - Bypass User Account Control

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Issue Tracking

https://issues.chromium.org/issues/40064602

Scores

CVSS v3 7.8

EPSS 0.0016

EPSS Percentile 5.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-233

Status published

Products (1)

google/updater < 1.3.36.351

Published Jun 07, 2024

Tracked Since Feb 18, 2026