CVE-2025-13631

Google · Google Multiple Products

Executive summary

A high-severity vulnerability has been identified in the Google Updater component used by Google Chrome and other Google products on macOS. This flaw could allow a local attacker to escalate their privileges and execute arbitrary code, potentially leading to a full system compromise. Organizations are urged to apply the necessary security updates immediately to mitigate the risk of unauthorized access and data breaches.

Vulnerability

The vulnerability is an inappropriate implementation within the Google Updater service on macOS. A local, unprivileged attacker can exploit this flaw by manipulating the update process. This could involve crafting a malicious update package or exploiting improper permission handling during the update file verification and execution stages. In either case, the high-privileged updater service is tricked into running arbitrary code with root-level permissions, which leads to a complete compromise of the host system.

Business impact

This vulnerability is rated as High severity with a CVSS score of 8.8. Successful exploitation could have a significant business impact by allowing an attacker to bypass standard security controls on an employee's workstation. A threat actor could install persistent malware, access or exfiltrate sensitive corporate data, disable security software, and use the compromised machine as a pivot point to move laterally across the corporate network, escalating a localized incident into a widespread breach.

Remediation

Immediate Action: All macOS systems running affected versions of Google Chrome or other Google products must be updated to version 143 or later immediately. Security teams should monitor for signs of exploitation, such as unusual processes spawned by the Google Updater service, and review system and application logs for anomalous activity.

Proactive Monitoring: Configure Endpoint Detection and Response (EDR) tools to alert on suspicious behavior involving the Google Updater processes (GoogleSoftwareUpdateAgent, GoogleSoftwareUpdateDaemon), including unexpected child processes or file writes to privileged system directories. Review logs for privilege escalation events originating from user-level applications.
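
The monitoring guidance above can be prototyped as a small triage filter before it is translated into an EDR rule. This is an added example, not code from Google or from any EDR vendor: the event schema, the sample paths, the child-process baseline and the list of protected directories are all assumptions to be replaced with your own telemetry.

```python
import posixpath

# Process names listed in the advisory's monitoring guidance.
UPDATER_NAMES = {"GoogleSoftwareUpdateAgent", "GoogleSoftwareUpdateDaemon"}
# Assumption: children your own baseline shows the updater launching.
BASELINE_CHILDREN = set(UPDATER_NAMES)
# Assumption: starting list of root-owned locations; extend per fleet.
PROTECTED_DIRS = ("/Library/LaunchDaemons", "/Library/LaunchAgents",
                  "/Library/PrivilegedHelperTools", "/private/etc")

def is_updater(path):
    return posixpath.basename(path) in UPDATER_NAMES

def under_protected(path, protected=PROTECTED_DIRS):
    # Normalise first so "dir/../LaunchDaemons" cannot slip past the prefix test.
    target = posixpath.normpath(path)
    hit = any(target == d or target.startswith(d + "/") for d in protected)
    return target if hit else None

def triage(events, baseline=BASELINE_CHILDREN):
    """Return (rule, pid, path) leads for events whose actor is the updater."""
    alerts = []
    for ev in events:
        if not is_updater(ev["actor"]):
            continue
        if ev["type"] == "exec":
            if posixpath.basename(ev["path"]) not in baseline:
                alerts.append(("unexpected_child", ev["pid"], ev["path"]))
        elif ev["type"] == "write":
            target = under_protected(ev["path"])
            if target:
                alerts.append(("privileged_write", ev["pid"], target))
    return alerts

# Constructed sample events in a hypothetical schema; paths are placeholders.
DAEMON = "/example/updater/GoogleSoftwareUpdateDaemon"
AGENT = "/example/updater/GoogleSoftwareUpdateAgent"
SAMPLE_EVENTS = [
    {"type": "exec", "pid": 501, "actor": DAEMON, "path": "/bin/sh"},
    {"type": "exec", "pid": 502, "actor": DAEMON, "path": AGENT},
    {"type": "write", "pid": 503, "actor": DAEMON,
     "path": "/Library/Caches/../LaunchDaemons/com.example.plist"},
    {"type": "write", "pid": 504, "actor": AGENT, "path": "/tmp/example/update.tmp"},
    {"type": "exec", "pid": 505, "actor": "/bin/zsh", "path": "/bin/ls"},
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

Matching on process name alone is easy to imitate, so a production rule should also check the actor's code signature, and writes the updater makes during a normal install need to be baselined out.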

Compensating Controls: If immediate patching is not feasible, implement application control (whitelisting) to prevent the execution of unauthorized code. Enforce the principle of least privilege for user accounts to limit the initial attack surface. Enhance EDR monitoring rules to specifically target known privilege escalation techniques on macOS.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Due to the high severity (CVSS 8.8) of this vulnerability, which allows a local attacker to gain complete control of an affected macOS system, immediate patching is the highest priority. All Mac endpoints with Google Chrome must be updated to version 143 or a later version without delay. Although this CVE is not yet on the CISA KEV list, its potential impact makes it a critical target for threat actors, and organizations should treat its remediation with the utmost urgency.