Security: Domain level access UAC Vulnerability
Reported by csalve...@gmail.com, Jul 13
Issue description

VULNERABILITY DETAILS

In a domain environment behind a Fortigate firewall appliance. In a standard domain, a user receives a ConnectWise link and connects with a HelpDesk technician to resolve an issue they are having. The helpdesk technician sends a command to elevate the UAC of the session in order to run administrative tasks such as uninstalling a program or updating something. After the technician disconnects, Google Chrome keeps the elevated access of the technician that was connected, and the user is now able, through Chrome, to access sites that they would otherwise be restricted from due to web filter policies. This elevated access in the web browser is also able to run HTTP/HTTPS processes via APIs to run scripts.

VERSION

Chrome Version: 67.0.3396.99
Operating System: Tested on Windows 10 Ver: 1803

REPRODUCTION CASE

See Pic. I removed my System admin web policy and was getting blocked on other browsers (IE, Edge, Firefox) but I was not getting blocked on Google Chrome. I was able to stream videos, install plugins and run web apps on SharePoint. In the background is the firewall showing that YouTube is being denied yet still running. We were notified of this because users were able to get to sites that they would otherwise be blocked from after a technician had worked with them through a remote support session. On Monday we will be doing more testing on the implications of this as it is on our risk assessment now.
Jul 15

Thank you, we will do more testing tomorrow (Monday) to see if keep-alive connections can be adjusted on the Fortigate appliance.
Oct 21
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by est...@chromium.org, Jul 14